CVE-2025-69097

CVE-2025-69097 describes an unauthenticated path traversal vulnerability in the WordPress WPLMS plugin (VibeThemes) that enables arbitrary file deletion. Affected: WPLMS plugin versions up to and including 1.9.9.5.4. Public sources (CVE records and Red Hat/Reddit references) allege the issue, wit...

CVE-2025-63035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

CVE-2025-63035

CVE-2025-63035 affects the WordPress WPLMS plugin (WPLMS wplms_plugin) up to version 1.9.9.5.4. The issue is a DOM-Based Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. This can enable script execution within the context of the affected site....

CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through = 1.9.9.5.4...

WordPress plugin WPLMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WPLMS versions = 1.9.9.5.4...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-53420

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-49925

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-53420

CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...

CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VibeThemes WPLMS wplmsplugin allows Reflected XSS.This issue affects WPLMS: from n/a through = 1.9.9.8...

CVE-2025-49925 WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in VibeThemes WPLMS wplmsplugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through = 1.9.9.7...

CVE-2025-49925

CVE-2025-49925 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WPLMS plugin up to version 1.9.9.7. Affected component is the WPLMS plugin of VibeThemes; root cause is functionality exposure not properly constrained by ACLs, allowing access to restrict...

WordPress plugin WPLMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-sit...

WordPress plugin WPLMS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2024-56044 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplmsplugin allows Authentication Bypass.This issue affects WPLMS: from n/a through = 1.9.9...

CVE-2024-56044

CVE-2024-56044 concerns a flaw in the WordPress plugin “VibeThemes WPLMS” (versions 1.9.9 and earlier) that allows an authentication bypass via an alternate path or channel. The documented impact is unauthenticated, total access, enabling bypass of login controls and control over the affected sit...

CVE-2024-56043

CVE-2024-56043 concerns the WordPress plugin WPLMS by VibeThemes. The vulnerability is an Incorrect Privilege Assignment that allows unauthenticated privilege escalation in WPLMS versions up to 1.9.9. The root cause, as described in the sources, is a privilege assignment error. Impact is describe...