Themeum

Products by Themeum, sorted by most security vulnerabilities since 2018

Themeum Tutor Lms: 66 vulnerabilities

Themeum Wp Crowdfunding: 12 vulnerabilities

Themeum Qubely: 9 vulnerabilities

Themeum Droip: 4 vulnerabilities

Themeum Wp Page Builder: 4 vulnerabilities

Themeum Tutor Lms Pro: 1 vulnerability

Themeum Wp Megamenu: 1 vulnerability

By the Year

In 2026 there have been 15 vulnerabilities in Themeum, with an average score of 6.5 out of ten. Last year, in 2025, Themeum had 14 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2026 than in all of last year, and the average CVE base score of the 2026 vulnerabilities is higher by 0.82.

Year Vulnerabilities Average Score
2026 15 6.52
2025 14 5.70
2024 44 6.43
2023 11 6.82
2022 5 5.52
2021 12 5.93
2020 1 0.00

It may take a day or so for new Themeum vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Themeum Security Vulnerabilities

CVE / Date / Vulnerability / Products

CVE-2026-39638 (Apr 08, 2026)
Themeum Qubely <=1.8.14 Stored XSS via Unsanitized Input
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS. This issue affects Qubely: from n/a through <= 1.8.14.
Products: Qubely

CVE-2026-25406 (Mar 25, 2026)
Tutor LMS Pro <=3.9.4 Auth Bypass via Alternate Path
Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeum Tutor LMS Pro tutor-pro allows Authentication Abuse. This issue affects Tutor LMS Pro: from n/a through <= 3.9.4.
Products: Tutor Lms

CVE-2025-32223 (Mar 19, 2026)
Tutor LMS 3.9.4 Auth Bypass via User-Controlled Key (Themeum)
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through 3.9.4.
Products: Tutor Lms

CVE-2026-0953 (Mar 10, 2026)
Tutor LMS Pro <=3.9.5 Auth Bypass via Social Login Addon
The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that the email provided in the authentication request matches the email from the validated OAuth token. This makes it possible for unauthenticated attackers to log in as any existing user, including administrators, by supplying a valid OAuth token from their own account along with the victim's email address.
Products: Tutor Lms

CVE-2026-23799 (Mar 05, 2026)
Missing Auth in Themeum Tutor LMS <=3.9.5
Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.5.
Products: Tutor Lms

CVE-2025-13673 (Feb 28, 2026)
SQLi via coupon_code in Tutor LMS <= 3.9.6 (Mitigated 3.9.4/3.9.6)
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: This vulnerability was partially mitigated in versions 3.9.4 and 3.9.6.
Products: Tutor Lms
CVE-2026-1371 (Feb 03, 2026)
WordPress Tutor LMS v3.9.5 Sensitive Info Exposure via ajax_coupon_details
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verify user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive coupon information including coupon codes, discount amounts, usage statistics, and course/bundle applications.
Products: Tutor Lms

CVE-2026-1375 (Feb 03, 2026)
Tutor LMS IDOR in v<=3.9.5 Modify/Delete arbitrary courses
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing object-level authorization checks in the `course_list_bulk_action()`, `bulk_delete_course()`, and `update_course_status()` functions. This makes it possible for authenticated attackers, with Tutor Instructor-level access and above, to modify or delete arbitrary courses they do not own by manipulating course IDs in bulk action requests.
Products: Tutor Lms

CVE-2026-24584 (Jan 23, 2026)
Themeum Tutor LMS BunnyNet Integration XSS (<=1.0.0)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS. This issue affects Tutor LMS BunnyNet Integration: from n/a through <= 1.0.0.
Products: Tutor Lms

CVE-2025-47555 (Jan 22, 2026)
Tutor LMS 3.9.4 Auth Bypass via User-Controlled Key
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.4.
Products: Tutor Lms

CVE-2026-0548 (Jan 20, 2026)
Tutor LMS WP Plugin <3.9.4 Unauthorized Attachment Deletion via delete_existing_user_photo
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized attachment deletion due to a missing capability check on the `delete_existing_user_photo` function in all versions up to, and including, 3.9.4. This makes it possible for authenticated attackers, with subscriber level access and above, to delete arbitrary attachments on the site.
Products: Tutor Lms

CVE-2025-13935 (Jan 09, 2026)
Tutor LMS <=3.9.2 Unauthorized Course Completion via mark_course_complete
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'mark_course_complete' function. This makes it possible for authenticated attackers, with subscriber level access and above, to mark any course as completed.
Products: Tutor Lms

CVE-2025-13934 (Jan 09, 2026)
Tutor LMS WordPress Plugin <3.9.3 Unauthorized Course Enrolment via AJAX
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the `course_enrollment()` AJAX handler. This makes it possible for authenticated attackers, with subscriber level access and above, to enroll themselves in any course without going through the proper purchase flow.
Products: Tutor Lms

CVE-2025-13628 (Jan 09, 2026)
Tutor LMS WP Plugin: unauthorized coupon deletion (3.9.3)
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification and deletion of data due to a missing capability check on the 'bulk_action_handler' and 'coupon_permanent_delete' functions in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with subscriber level access and above, to delete, activate, deactivate, or trash arbitrary coupons.
Products: Tutor Lms

CVE-2025-13679 (Jan 08, 2026)
Unauthorized Access in Tutor LMS <=3.9.3 get_order_by_id()
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate order IDs and exfiltrate sensitive data (PII), such as student name, email address, phone number, and billing address.
Products: Tutor Lms
CVE-2025-63042 (Dec 09, 2025)
Stored XSS in Themeum Tutor LMS Elementor Addon 3.0.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through <= 3.0.1.
Products: Tutor Lms Elementor Addons

CVE-2025-6639 (Oct 25, 2025)
Insecure Direct Object Reference (IDOR) in Tutor LMS Pro <=3.8.3
The Tutor LMS Pro eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutor_assignment_submit() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and edit assignment submissions of other students.
Products: Tutor Lms

CVE-2025-11564 (Oct 25, 2025)
Tutor LMS WP Plugin 3.8.3: Missing Cap Check Enables Unauth Order Pay Bypass
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check while verifying webhook signatures on the "verifyAndCreateOrderData" function in all versions up to, and including, 3.8.3. This makes it possible for unauthenticated attackers to bypass payment verification and mark orders as paid by submitting forged webhook requests with `payment_type` set to 'recurring'.
Products: Tutor Lms

CVE-2025-6680 (Oct 25, 2025)
Sensitive Info Exposure in Tutor LMS 3.8.3 (WordPress plugin)
The Tutor LMS eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.8.3. This makes it possible for authenticated attackers, with tutor-level access and above, to view assignments for courses they don't teach which may contain sensitive information.
Products: Tutor Lms

CVE-2025-58249 (Sep 22, 2025)
Qubely <=1.8.14: Sensitive Data Exposure via Sent Data
Insertion of Sensitive Information Into Sent Data vulnerability in Themeum Qubely allows Retrieve Embedded Sensitive Data. This issue affects Qubely: from n/a through 1.8.14.
Products: Qubely

CVE-2025-58663 (Sep 22, 2025)
Themeum Qubely 1.8.14 Missing Auth via Incorrect ACP Levels
Missing Authorization vulnerability in Themeum Qubely allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Qubely: from n/a through 1.8.14.
Products: Qubely

CVE-2025-5831 (Jul 25, 2025)
Droip WP Plugin <=2.2.0: Arbitrary File Upload (RCE)
The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Products: Droip

CVE-2025-5835 (Jul 25, 2025)
Droip Plugin Missing Capability Check (WP <=2.2.0)
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.
Products: Droip

CVE-2025-32230 (Apr 10, 2025)
Themeum Tutor LMS v<=3.4.0: XSS via Improper Neutralization
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 3.4.0.
Products: Tutor Lms
CVE-2025-31892 (Apr 01, 2025)
WP Crowdfunding <=2.1.13: Stored XSS Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding wp-crowdfunding allows Stored XSS. This issue affects WP Crowdfunding: from n/a through <= 2.1.15.
Products: Wp Crowdfunding

CVE-2025-1508 (Mar 12, 2025)
WP Crowdfunding <=2.1.13 - Unrestricted Data Download via Missing Cap Check
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to download all of a site's post content when WooCommerce is installed.
Products: Wp Crowdfunding

CVE-2024-13228 (Mar 11, 2025)
Qubely Advanced Gutenberg Blocks <=1.8.13 SIE via qubely_get_content
The Qubely Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, password-protected, draft, and trashed post data.
Products: Qubely

CVE-2025-26767 (Feb 16, 2025)
Qubely 1.8.12 Stored XSS via Improper Input Neutralization
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely qubely allows Stored XSS. This issue affects Qubely: from n/a through <= 1.8.12.
Products: Qubely

CVE-2024-9601 (Feb 14, 2025)
Stored XSS in Qubely Gutenberg Blocks 1.8.12 via align/UniqueID
The Qubely Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the align and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Products: Qubely

CVE-2024-54282 (Dec 13, 2024)
WP Mega Menu <1.4.2 Deserialization (Obj Injection) in Themeum
Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection. This issue affects WP Mega Menu: from n/a through <= 1.4.2.
Products: Wp Megamenu

CVE-2023-41870 (Dec 13, 2024)
Themeum WP Crowdfunding Missing Auth Vulnerability (2.1.5)
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.5.
Products: Wp Crowdfunding

CVE-2024-11911 (Dec 13, 2024)
WP Crowdfunding Plugin: Unauthorized Plugin Installation Vulnerability
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement.
Products: Wp Crowdfunding

CVE-2024-11910 (Dec 13, 2024)
Stored XSS Vulnerability in WP Crowdfunding Plugin
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Products: Wp Crowdfunding

CVE-2024-53816 (Dec 09, 2024)
Tutor LMS Elementor Addons <=2.1.5 Missing Auth Vulnerability
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons. This issue affects Tutor LMS Elementor Addons: from n/a through <= 2.1.5.
Products: Tutor Lms Elementor Addons
CVE-2024-10393 (Nov 21, 2024)
Tutor LMS Plugin for WordPress: Unauthenticated User Registration Bypass Vulnerability
The Tutor LMS plugin for WordPress is vulnerable to bypass of user registration restrictions in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
Products: Tutor Lms

CVE-2024-10400 (Nov 21, 2024)
SQL Injection Vulnerability in Tutor LMS Plugin for WordPress
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the rating_filter parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Products: Tutor Lms

CVE-2024-10897 (Nov 15, 2024)
Tutor LMS Elementor Addons Plugin: Unauthorized Plugin Installation Vulnerability
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install Elementor or Tutor LMS. Please note the impact of this issue is incredibly limited due to the fact that these two plugins will likely already be installed as a dependency of the plugin.
Products: Tutor Lms Elementor Addons

CVE-2024-43142 (Nov 01, 2024)
Missing Auth in Tutor LMS <=2.7.3 (Themeum)
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through 2.7.3.
Products: Tutor Lms

CVE-2024-43937 (Nov 01, 2024)
Missing Auth in Themeum WP Crowdfunding <=2.1.10 (Unconfigured ACL)
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.10.
Products: Wp Crowdfunding

CVE-2024-10117 (Oct 26, 2024)
WP Crowdfunding 2.1.11: Stored XSS via wpcf_donate
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Products: Wp Crowdfunding

CVE-2023-2919 (Sep 10, 2024)
CSRF in Tutor LMS 2.7.4: addon_enable_disable vuln
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addon_enable_disable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Products: Tutor Lms

CVE-2024-5784 (Aug 30, 2024)
Tutor LMS Pro 2.7.2 Cap Check Bypass Enables Unauthorized Admin Actions
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative action execution due to missing capability checks on multiple functions, such as treport_quiz_atttempt_delete and tutor_gc_class_action, in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform administrative actions on the site, such as deleting comments, posts or users, viewing notifications, etc.
Products: Tutor Lms

CVE-2024-43955 (Aug 29, 2024)
Path Traversal in Themeum Droip <=1.1.1 Enables File Manipulation
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation. This issue affects Droip: from n/a through 1.1.1.
Products: Droip

CVE-2024-43954 (Aug 29, 2024)
Themeum Droip <=1.1.1 Improper Authorization via ACLs
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1.
Products: Droip

CVE-2024-39645 (Aug 26, 2024)
CSRF in Themeum Tutor LMS (v2.7.2 and prior)
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.
Products: Tutor Lms

CVE-2024-5576 (Aug 20, 2024)
Stored XSS in Tutor LMS Elementor Addons (<=2.1.4) via course_carousel_skin
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Products: Tutor Lms Elementor Addons

CVE-2024-43282 (Aug 18, 2024)
SQL Injection in Themeum Tutor LMS v2.7.2 (WordPress)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.
Products: Tutor Lms

CVE-2024-43231 (Aug 12, 2024)
Improper Neutralization of Input (XSS) in Tutor LMS (pre-2.7.3)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.3.
Products: Tutor Lms

CVE-2024-1804 (Jul 27, 2024)
Unauthorized Data Mod in Tutor LMS Migration Tool v2.2.0
The Tutor LMS Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to import courses.
Products: Tutor Lms Migration Tool, Tutor Lms

CVE-2024-1798 (Jul 27, 2024)
Tutor LMS Migration Tool <=2.2.0: Capability Check Bypass Enables Course Export
The Tutor LMS Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to export courses, including private and password protected courses.
Products: Tutor Lms Migration Tool, Tutorlms Migrationtool
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).