WordPress LMS theme <= 9.2 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Cút lộn xào me in WordPress Theme LMS versions = 9.2...

CVE-2025-52799 WordPress LMS theme <= 9.1 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in designthemes LMS allows Reflected XSS. This issue affects LMS: from n/a through 9.1...

WordPress LMS Theme <= 9.1 is vulnerable to Cross Site Scripting (XSS)

Software LMS Type Theme Vulnerable versions = 9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2025-52799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID fe340a188e96 Credits Ann Required privilege Unauthenticated Published ...

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...

CVE-2024-10470

The CVE describes an unauthenticated path-traversal/file-read and delete vulnerability in the WPLMS Learning Management System WordPress theme (versions

CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...