Lucene search
K
VibethemesWordpress Learning Management System

22 matches found

CVE
CVE
added 2024/11/09 5:40 a.m.82 views

CVE-2024-10470

The CVE describes an unauthenticated path-traversal/file-read and delete vulnerability in the WPLMS Learning Management System WordPress theme (versions

9.8CVSS9.8AI score0.33856EPSS
Web
CVE
CVE
added 2024/12/31 12:53 p.m.79 views

CVE-2024-56046

CVE-2024-56046 affects WordPress plugin WPLMS (VibeThemes)≤1.9.9. The vulnerability is unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the web server. Exploitation is possible without authentication. Documents from PT-Security and Patchstack corrob...

10CVSS7.4AI score0.00743EPSS
CVE
CVE
added 2024/12/18 6:55 p.m.69 views

CVE-2024-56052

CVE-2024-56052 : Unrestricted Upload of File with Dangerous Type in the WordPress LMS plugin WPLMS allows uploading a web shell to the web server. Affected: WPLMS versions prior to 1.9.9.5.2. Impact is described as severe, with CVSS ratings in sources indicating HIGH/CRITICAL levels (e.g., base s...

9.9CVSS7.4AI score0.00682EPSS
CVE
CVE
added 2023/07/11 12:1 p.m.65 views

CVE-2023-36690

CVE-2023-36690 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress theme WPLMS by VibeThemes, affecting versions earlier than 4.900. The CVE entry indicates an unauthenticated CSRF flaw in WPLMS; Patchstack notes the issue is fixed in version 4.900, implying users should ...

8.8CVSS8.5AI score0.00248EPSS
CVE
CVE
added 2024/12/31 1:15 p.m.64 views

CVE-2024-56043

CVE-2024-56043 concerns the WordPress plugin WPLMS by VibeThemes. The vulnerability is an Incorrect Privilege Assignment that allows unauthenticated privilege escalation in WPLMS versions up to 1.9.9. The root cause, as described in the sources, is a privilege assignment error. Impact is describe...

9.8CVSS7.4AI score0.00614EPSS
CVE
CVE
added 2024/12/18 6:56 p.m.63 views

CVE-2024-56050

CVE-2024-56050: Unrestricted Upload of File with Dangerous Type in WPLMS (WordPress LMS by VibeThemes) permits uploading a web shell to the web server. Affected: WPLMS

9.9CVSS7.4AI score0.00682EPSS
CVE
CVE
added 2024/12/31 1:17 p.m.59 views

CVE-2024-56044

CVE-2024-56044 concerns a flaw in the WordPress plugin “VibeThemes WPLMS” (versions 1.9.9 and earlier) that allows an authentication bypass via an alternate path or channel. The documented impact is unauthenticated, total access, enabling bypass of login controls and control over the affected sit...

9.8CVSS7.4AI score0.00796EPSS
CVE
CVE
added 2024/12/31 1:17 p.m.59 views

CVE-2024-56045

CVE-2024-56045 is an unauthenticated path traversal flaw in the WPLMS (VibeThemes) WordPress plugin, affecting versions up to 1.9.9.4/1.9.9 before 1.9.9.5. It enables arbitrary directory deletion via path traversal. Red Hat notes confirm unauthenticated directory deletion risk; Red Hat and RH adv...

9.3CVSS7.4AI score0.00663EPSS
CVE
CVE
added 2024/12/31 12:57 p.m.58 views

CVE-2024-56042

CVE-2024-56042 affects the WordPress WPLMS plugin before version 1.9.9.5.3. The issue is an SQL injection caused by improper neutralization of special elements in SQL commands, allowing unauthenticated attackers to exploit the vulnerability. Documented impact includes data exposure/modification v...

9.8CVSS7.4AI score0.00688EPSS
CVE
CVE
added 2024/12/18 6:57 p.m.58 views

CVE-2024-56048

CVE-2024-56048 affects WPLMS (WordPress LMS) up to version 1.9.9. The vulnerability is a Missing Authorization/Unauthenticated Privilege Escalation that allows updating privileged options and accessing restricted functionality, with reported exploitation in multiple disclosures. Several connected...

8.8CVSS7.2AI score0.00594EPSS
CVE
CVE
added 2024/12/18 6:58 p.m.53 views

CVE-2024-56047

CVE-2024-56047 is an SQL Injection vulnerability in the WPLMS plugin for WordPress (VibeThemes WPLMS wplms_plugin). The issue affects WPLMS versions prior to 1.9.9.5.3 and stems from improper neutralization of special elements in SQL commands. Per the initial record, the CVSS vector (NVD) is CVSS...

8.8CVSS7.3AI score0.00591EPSS
CVE
CVE
added 2024/12/18 6:53 p.m.51 views

CVE-2024-56054

CVE-2024-56054 affects the WordPress plugin WPLMS by VibeThemes. The connected Red Hat/Wordfence entries confirm an Unrestricted Upload of File with Dangerous Type vulnerability that enables uploading a web shell to the web server in WPLMS versions prior to 1.9.9.5.2. According to NVD, the CVSSv3...

9.1CVSS7.4AI score0.00557EPSS
CVE
CVE
added 2024/12/18 6:52 p.m.50 views

CVE-2024-56057

CVE-2024-56057 affects the WPLMS plugin for WordPress (WPLMS

9.9CVSS7.4AI score0.00531EPSS
CVE
CVE
added 2024/12/18 6:58 p.m.46 views

CVE-2024-56053

CVE-2024-56053 affects the WPLMS WordPress LMS plugin. Versions before 1.9.9.5.3 are vulnerable to SQL Injection due to improper input neutralization. Impact is high (C/H/I/H; CVSSv3.1 base 8.8). Mitigation: upgrade to 1.9.9.5.3 or later; no exploit details are provided in the connected documents.

8.8CVSS7.3AI score0.00417EPSS
CVE
CVE
added 2024/12/18 6:46 p.m.44 views

CVE-2024-56049

CVE-2024-56049: Path Traversal? No — this entry actually relates to WPLMS; the connected Red Hat/Wordfence data confirms a real issue in WPLMS (VibeThemes) via Arbitrary File Upload. The vulnerability is present in WPLMS versions prior to 1.9.9.5.2 and can be exploited by a user with Contributor-...

8.5CVSS7.2AI score0.00441EPSS
CVE
CVE
added 2024/12/18 6:42 p.m.42 views

CVE-2024-56055

CVE-2024-56055 describes a path traversal vulnerability in the WPLMS WordPress plugin. The issue allows arbitrary directory deletion through path traversal in WPLMS versions up to 1.9.9.5.2 (authenticated as Contributor+). Public records indicate the root cause is a path traversal misconfiguratio...

8.8CVSS7.2AI score0.00459EPSS
CVE
CVE
added 2024/12/18 6:41 p.m.41 views

CVE-2024-56051

CVE-2024-56051 affects WPLMS (WordPress plugin) up to 1.9.9.5. The issue is an unauthenticated Remote Code Execution (RCE) in WPLMS, allowing attacker-controlled code execution. Red Hat/Wordfence entries corroborate RCE and note the fix was applied in version 1.9.9.5. Recommend upgrading to 1.9.9...

8.8CVSS7.2AI score0.00441EPSS
CVE
CVE
added 2025/07/19 11:23 a.m.25 views

CVE-2015-10139

CVE-2015-10139 affects the WPLMS WordPress theme and allows privilege escalation via the wp_ajax_import_data AJAX action in versions 1.5.2–1.8.4.1. Authenticated attackers could modify restricted settings and potentially create a new admin account. The issue is tied to an API/endpoint exposed to ...

8.8CVSS6.3AI score0.00993EPSS
CVE
CVE
added 2025/12/09 2:52 p.m.13 views

CVE-2025-63035

CVE-2025-63035 affects the WordPress WPLMS plugin (WPLMS wplms_plugin) up to version 1.9.9.5.4. The issue is a DOM-Based Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. This can enable script execution within the context of the affected site....

6.5CVSS6AI score0.00167EPSS
CVE
CVE
added 2025/10/22 2:32 p.m.12 views

CVE-2025-49925

CVE-2025-49925 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WPLMS plugin up to version 1.9.9.7. Affected component is the WPLMS plugin of VibeThemes; root cause is functionality exposure not properly constrained by ACLs, allowing access to restrict...

7.5CVSS6.6AI score0.00333EPSS
CVE
CVE
added 2025/09/22 6:22 p.m.11 views

CVE-2025-58668

CVE-2025-58668 is a Missing Authorization vulnerability affecting WPLMS (WordPress-based Learning Management System). The CVE entry states impact on WPLMS versions up to 4.970, with a high-severity exposure. The available metrics indicate a network-exposed flaw with no required privileges, and no...

9.8CVSS5.9AI score0.00263EPSS
CVE
CVE
added 2025/10/22 2:32 p.m.10 views

CVE-2025-53420

CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...

7.1CVSS6AI score0.00228EPSS