Search Results (26 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1370 2 Themegrill, Wordpress 2 Maintenance Page, Wordpress 2026-04-08 5.3 Medium
The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.
CVE-2024-24882 2 Masteriyo, Themegrill 2 Masteriyo, Masteriyo 2026-04-01 9.8 Critical
Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.
CVE-2023-3345 1 Themegrill 1 Masteriyo 2025-06-10 6.5 Medium
The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students
CVE-2020-36334 1 Themegrill 1 Themegrill Demo Importer 2024-11-21 8.8 High
themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.
CVE-2020-36333 1 Themegrill 1 Themegrill Demo Importer 2024-11-21 9.1 Critical
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
CVE-2024-39629 1 Themegrill 1 Himalayas 2024-09-11 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2.