Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24882 | 2 Masteriyo, Themegrill | 2 Masteriyo, Masteriyo | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | ||||
| CVE-2023-3345 | 1 Themegrill | 1 Masteriyo | 2025-06-10 | 6.5 Medium |
| The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other students | ||||
| CVE-2020-36334 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 8.8 High |
| themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database. | ||||
| CVE-2020-36333 | 1 Themegrill | 1 Themegrill Demo Importer | 2024-11-21 | 9.1 Critical |
| themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook. | ||||
| CVE-2024-39629 | 1 Themegrill | 1 Himalayas | 2024-09-11 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Himalayas allows Stored XSS.This issue affects Himalayas: from n/a through 1.3.2. | ||||