Search
Search Results (26 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1370 | 2 Themegrill, Wordpress | 2 Maintenance Page, Wordpress | 2026-04-08 | 5.3 Medium |
| The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails. | ||||
| CVE-2024-24882 | 2 Masteriyo, Themegrill | 2 Masteriyo, Masteriyo | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | ||||
| CVE-2023-3345 | 1 Themegrill | 1 Masteriyo | 2025-06-10 | 6.5 Medium |
| The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students | ||||
| CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 8.8 High |
| themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | ||||
| CVE-2020-36333 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 9.1 Critical |
| themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook. | ||||
| CVE-2024-39629 | 1 Themegrill | 1 Himalayas | 2024-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2. | ||||