22 matches found
CVE-2024-10470
The CVE describes an unauthenticated path-traversal/file-read and delete vulnerability in the WPLMS Learning Management System WordPress theme (versions
CVE-2024-56046
CVE-2024-56046 affects WordPress plugin WPLMS (VibeThemes)≤1.9.9. The vulnerability is unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the web server. Exploitation is possible without authentication. Documents from PT-Security and Patchstack corrob...
CVE-2024-56052
CVE-2024-56052 : Unrestricted Upload of File with Dangerous Type in the WordPress LMS plugin WPLMS allows uploading a web shell to the web server. Affected: WPLMS versions prior to 1.9.9.5.2. Impact is described as severe, with CVSS ratings in sources indicating HIGH/CRITICAL levels (e.g., base s...
CVE-2023-36690
CVE-2023-36690 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress theme WPLMS by VibeThemes, affecting versions earlier than 4.900. The CVE entry indicates an unauthenticated CSRF flaw in WPLMS; Patchstack notes the issue is fixed in version 4.900, implying users should ...
CVE-2024-56043
CVE-2024-56043 concerns the WordPress plugin WPLMS by VibeThemes. The vulnerability is an Incorrect Privilege Assignment that allows unauthenticated privilege escalation in WPLMS versions up to 1.9.9. The root cause, as described in the sources, is a privilege assignment error. Impact is describe...
CVE-2024-56050
CVE-2024-56050: Unrestricted Upload of File with Dangerous Type in WPLMS (WordPress LMS by VibeThemes) permits uploading a web shell to the web server. Affected: WPLMS
CVE-2024-56044
CVE-2024-56044 concerns a flaw in the WordPress plugin “VibeThemes WPLMS” (versions 1.9.9 and earlier) that allows an authentication bypass via an alternate path or channel. The documented impact is unauthenticated, total access, enabling bypass of login controls and control over the affected sit...
CVE-2024-56045
CVE-2024-56045 is an unauthenticated path traversal flaw in the WPLMS (VibeThemes) WordPress plugin, affecting versions up to 1.9.9.4/1.9.9 before 1.9.9.5. It enables arbitrary directory deletion via path traversal. Red Hat notes confirm unauthenticated directory deletion risk; Red Hat and RH adv...
CVE-2024-56042
CVE-2024-56042 affects the WordPress WPLMS plugin before version 1.9.9.5.3. The issue is an SQL injection caused by improper neutralization of special elements in SQL commands, allowing unauthenticated attackers to exploit the vulnerability. Documented impact includes data exposure/modification v...
CVE-2024-56048
CVE-2024-56048 affects WPLMS (WordPress LMS) up to version 1.9.9. The vulnerability is a Missing Authorization/Unauthenticated Privilege Escalation that allows updating privileged options and accessing restricted functionality, with reported exploitation in multiple disclosures. Several connected...
CVE-2024-56047
CVE-2024-56047 is an SQL Injection vulnerability in the WPLMS plugin for WordPress (VibeThemes WPLMS wplms_plugin). The issue affects WPLMS versions prior to 1.9.9.5.3 and stems from improper neutralization of special elements in SQL commands. Per the initial record, the CVSS vector (NVD) is CVSS...
CVE-2024-56054
CVE-2024-56054 affects the WordPress plugin WPLMS by VibeThemes. The connected Red Hat/Wordfence entries confirm an Unrestricted Upload of File with Dangerous Type vulnerability that enables uploading a web shell to the web server in WPLMS versions prior to 1.9.9.5.2. According to NVD, the CVSSv3...
CVE-2024-56057
CVE-2024-56057 affects the WPLMS plugin for WordPress (WPLMS
CVE-2024-56053
CVE-2024-56053 affects the WPLMS WordPress LMS plugin. Versions before 1.9.9.5.3 are vulnerable to SQL Injection due to improper input neutralization. Impact is high (C/H/I/H; CVSSv3.1 base 8.8). Mitigation: upgrade to 1.9.9.5.3 or later; no exploit details are provided in the connected documents.
CVE-2024-56049
CVE-2024-56049: Path Traversal? No — this entry actually relates to WPLMS; the connected Red Hat/Wordfence data confirms a real issue in WPLMS (VibeThemes) via Arbitrary File Upload. The vulnerability is present in WPLMS versions prior to 1.9.9.5.2 and can be exploited by a user with Contributor-...
CVE-2024-56055
CVE-2024-56055 describes a path traversal vulnerability in the WPLMS WordPress plugin. The issue allows arbitrary directory deletion through path traversal in WPLMS versions up to 1.9.9.5.2 (authenticated as Contributor+). Public records indicate the root cause is a path traversal misconfiguratio...
CVE-2024-56051
CVE-2024-56051 affects WPLMS (WordPress plugin) up to 1.9.9.5. The issue is an unauthenticated Remote Code Execution (RCE) in WPLMS, allowing attacker-controlled code execution. Red Hat/Wordfence entries corroborate RCE and note the fix was applied in version 1.9.9.5. Recommend upgrading to 1.9.9...
CVE-2015-10139
CVE-2015-10139 affects the WPLMS WordPress theme and allows privilege escalation via the wp_ajax_import_data AJAX action in versions 1.5.2–1.8.4.1. Authenticated attackers could modify restricted settings and potentially create a new admin account. The issue is tied to an API/endpoint exposed to ...
CVE-2025-63035
CVE-2025-63035 affects the WordPress WPLMS plugin (WPLMS wplms_plugin) up to version 1.9.9.5.4. The issue is a DOM-Based Cross-Site Scripting vulnerability caused by improper input neutralization during web page generation. This can enable script execution within the context of the affected site....
CVE-2025-49925
CVE-2025-49925 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WPLMS plugin up to version 1.9.9.7. Affected component is the WPLMS plugin of VibeThemes; root cause is functionality exposure not properly constrained by ACLs, allowing access to restrict...
CVE-2025-58668
CVE-2025-58668 is a Missing Authorization vulnerability affecting WPLMS (WordPress-based Learning Management System). The CVE entry states impact on WPLMS versions up to 4.970, with a high-severity exposure. The available metrics indicate a network-exposed flaw with no required privileges, and no...
CVE-2025-53420
CVE-2025-53420 affects WordPress WPLMS plugin versions up to 1.9.9.8. The issue is a Reflected XSS caused by improper neutralization of input during web page generation. Impact per CVSS shows HIGH severity (7.1) with low confidentiality, integrity, and availability impacts. The vulnerability deta...