CVE-2025-49992

The CVE-2025-49992 entry documents a Reflected XSS in the LearnPress Export Import (ThimPress LearnPress Export Import) WordPress plugin. Affected component: the learnpress-import-export module; affected versions are listed as through 4.0.9 (and Patchstack notes 4.1.0 as a fix). Root cause: impro...

WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin LearnPress Export Import versions = 4.1.2...

CVE-2024-7620

The Customizer Export/Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'import' function in all versions up to, and including, 0.9.7. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVE-2025-1970

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web request...

PT-2023-22724 · Thimpress · Thimpress Learnpress Export Import Plugin

Name of the Vulnerable Software and Affected Versions: ThimPress LearnPress Export Import plugin versions prior to 4.0.3 Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website,...