CVE-2025-69097 WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-69097

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VibeThemes WPLMS wplmsplugin allows Path Traversal.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-69097

CVE-2025-69097 describes an unauthenticated path traversal vulnerability in the WordPress WPLMS plugin (VibeThemes) that enables arbitrary file deletion. Affected: WPLMS plugin versions up to and including 1.9.9.5.4. Public sources (CVE records and Red Hat/Reddit references) allege the issue, wit...

WordPress plugin WPLMS has a path traversal vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-4167

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in VibeThemes WPLMS wplms plugin allows Path Traversal.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035

CVE-2025-63035 affects the WordPress WPLMS plugin (WPLMS wplms_plugin) up to version 1.9.9.5.4. The issue is a DOM-Based Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. This can enable script execution within the context of the affected site....

CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

WordPress plugin WPLMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WPLMS versions = 1.9.9.5.4...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-53420

CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...