CVE-2025-69097 WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal. This issue affects WPLMS: from n/a through <= 1.9.9.5.4...
CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS. This issue affects WPLMS: from n/a through <= 1.9.9.8...
CVE-2025-53420
CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...
CVE-2025-49925 WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPLMS: from n/a through <= 1.9.9.7...
CVE-2025-58668 WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability
Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS: from n/a through <= 4.970...
CVE-2024-56043
CVE-2024-56043 concerns the WordPress plugin WPLMS by VibeThemes. The vulnerability is an Incorrect Privilege Assignment that allows unauthenticated privilege escalation in WPLMS versions up to 1.9.9. The root cause, as described in the sources, is a privilege assignment error. Impact is describe...
CVE-2024-56042 WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS wplmsplugin allows SQL Injection. This issue affects WPLMS: from n/a through 1.9.9.5.3...
CVE-2024-56053 WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VibeThemes WPLMS wplmsplugin allows SQL Injection. This issue affects WPLMS: from n/a through 1.9.9.5.3...
CVE-2024-56050
CVE-2024-56050: Unrestricted Upload of File with Dangerous Type in WPLMS (WordPress LMS by VibeThemes) permits uploading a web shell to the web server. Affected: WPLMS
CVE-2024-56054 WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.5.2...
CVE-2024-56049 WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2...
CVE-2024-56055 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal. This issue affects WPLMS: from n/a through 1.9.9.5.2...
CVE-2024-56051
CVE-2024-56051 affects WPLMS (WordPress plugin) up to 1.9.9.5. The issue is an unauthenticated Remote Code Execution (RCE) in WPLMS, allowing attacker-controlled code execution. Red Hat/Wordfence entries corroborate RCE and note the fix was applied in version 1.9.9.5. Recommend upgrading to 1.9.9...
WordPress WPLMS Theme Privilege Escalation
The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated user of any user level to set any system option due to a lack of validation in the importdata function of /includes/func.php. The module first changes the admin e-mail address to prevent any notifications being sent t...