8 matches found
CVE-2025-69097
CVE-2025-69097 describes an unauthenticated path traversal vulnerability in the WordPress WPLMS plugin (VibeThemes) that enables arbitrary file deletion. Affected: WPLMS plugin versions up to and including 1.9.9.5.4. Public sources (CVE records and Red Hat/Reddit references) allege the issue, wit...
CVE-2025-63035
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...
CVE-2024-56046
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9...
CVE-2024-56042
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3...
PT-2024-36679 · Vibethemes · Wplms
Name of the Vulnerable Software and Affected Versions: VibeThemes WPLMS versions 1.9.9 and earlier Description: The issue is related to an authentication bypass using an alternate path or channel, allowing unauthorized access. This problem lets a user bypass authentication using another path...
CVE-2024-56055
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2...
CVE-2024-56052
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2...
CVE-2023-36690
Cross-Site Request Forgery CSRF vulnerability in VibeThemes WPLMS theme = 4.900 versions...