Skip to main content

Thim Core

2 CVEs product

Monthly

CVE-2025-53346 MEDIUM This Month

Missing authorization in the ThimPress Thim Core WordPress plugin (all versions through 2.3.3) allows authenticated low-privileged users to perform actions exceeding their intended permission level due to improperly enforced access control checks. The flaw, classified as CWE-862 (Missing Authorization), results in unauthorized integrity-impacting operations without requiring administrative credentials, as confirmed by the CVSS vector (PR:L/I:L). No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Authentication Bypass Thim Core
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53345 HIGH This Week

Privilege-bound arbitrary code execution in ThimPress Thim Core (WordPress plugin) versions through 2.3.3 allows authenticated low-privilege users to bypass authorization checks and execute arbitrary code on affected sites, per Patchstack's advisory tagging this as an authentication bypass leading to RCE. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with low attack complexity over the network. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Thim Core
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing authorization in the ThimPress Thim Core WordPress plugin (all versions through 2.3.3) allows authenticated low-privileged users to perform actions exceeding their intended permission level due to improperly enforced access control checks. The flaw, classified as CWE-862 (Missing Authorization), results in unauthorized integrity-impacting operations without requiring administrative credentials, as confirmed by the CVSS vector (PR:L/I:L). No public exploit code exists and no active exploitation has been confirmed at time of analysis.

Authentication Bypass Thim Core
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Privilege-bound arbitrary code execution in ThimPress Thim Core (WordPress plugin) versions through 2.3.3 allows authenticated low-privilege users to bypass authorization checks and execute arbitrary code on affected sites, per Patchstack's advisory tagging this as an authentication bypass leading to RCE. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability with low attack complexity over the network. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Thim Core
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy