Lucene search
+L
VibethemesWordpress Learning Management System*

18 matches found

CVE
CVE
added 2024/11/09 5:40 a.m.84 views

CVE-2024-10470

The CVE describes an unauthenticated path-traversal/file-read and delete vulnerability in the WPLMS Learning Management System WordPress theme (versions

9.8CVSS9.8AI score0.33856EPSS
Web
CVE
CVE
added 2024/12/31 12:53 p.m.79 views

CVE-2024-56046

CVE-2024-56046 affects WordPress plugin WPLMS (VibeThemes)≤1.9.9. The vulnerability is unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to the web server. Exploitation is possible without authentication. Documents from PT-Security and Patchstack corrob...

10CVSS7.4AI score0.00743EPSS
CVE
CVE
added 2024/12/18 6:55 p.m.70 views

CVE-2024-56052

CVE-2024-56052 : Unrestricted Upload of File with Dangerous Type in the WordPress LMS plugin WPLMS allows uploading a web shell to the web server. Affected: WPLMS versions prior to 1.9.9.5.2. Impact is described as severe, with CVSS ratings in sources indicating HIGH/CRITICAL levels (e.g., base s...

9.9CVSS7.4AI score0.00696EPSS
CVE
CVE
added 2024/12/31 1:15 p.m.66 views

CVE-2024-56043

CVE-2024-56043 concerns the WordPress plugin WPLMS by VibeThemes. The vulnerability is an Incorrect Privilege Assignment that allows unauthenticated privilege escalation in WPLMS versions up to 1.9.9. The root cause, as described in the sources, is a privilege assignment error. Impact is describe...

9.8CVSS7.4AI score0.00614EPSS
CVE
CVE
added 2024/12/18 6:56 p.m.63 views

CVE-2024-56050

CVE-2024-56050: Unrestricted Upload of File with Dangerous Type in WPLMS (WordPress LMS by VibeThemes) permits uploading a web shell to the web server. Affected: WPLMS

9.9CVSS7.4AI score0.00696EPSS
CVE
CVE
added 2024/12/31 1:17 p.m.60 views

CVE-2024-56044

CVE-2024-56044 concerns a flaw in the WordPress plugin “VibeThemes WPLMS” (versions 1.9.9 and earlier) that allows an authentication bypass via an alternate path or channel. The documented impact is unauthenticated, total access, enabling bypass of login controls and control over the affected sit...

9.8CVSS7.4AI score0.00796EPSS
CVE
CVE
added 2024/12/31 1:17 p.m.59 views

CVE-2024-56045

CVE-2024-56045 is an unauthenticated path traversal flaw in the WPLMS (VibeThemes) WordPress plugin, affecting versions up to 1.9.9.4/1.9.9 before 1.9.9.5. It enables arbitrary directory deletion via path traversal. Red Hat notes confirm unauthenticated directory deletion risk; Red Hat and RH adv...

9.3CVSS7.4AI score0.00663EPSS
CVE
CVE
added 2024/12/31 12:57 p.m.58 views

CVE-2024-56042

CVE-2024-56042 affects the WordPress WPLMS plugin before version 1.9.9.5.3. The issue is an SQL injection caused by improper neutralization of special elements in SQL commands, allowing unauthenticated attackers to exploit the vulnerability. Documented impact includes data exposure/modification v...

9.8CVSS7.4AI score0.00688EPSS
CVE
CVE
added 2024/12/18 6:57 p.m.58 views

CVE-2024-56048

CVE-2024-56048 affects WPLMS (WordPress LMS) up to version 1.9.9. The vulnerability is a Missing Authorization/Unauthenticated Privilege Escalation that allows updating privileged options and accessing restricted functionality, with reported exploitation in multiple disclosures. Several connected...

8.8CVSS7.2AI score0.00606EPSS
CVE
CVE
added 2024/12/18 6:58 p.m.55 views

CVE-2024-56047

CVE-2024-56047 is an SQL Injection vulnerability in the WPLMS plugin for WordPress (VibeThemes WPLMS wplms_plugin). The issue affects WPLMS versions prior to 1.9.9.5.3 and stems from improper neutralization of special elements in SQL commands. Per the initial record, the CVSS vector (NVD) is CVSS...

8.8CVSS7.3AI score0.00602EPSS
CVE
CVE
added 2024/12/18 6:53 p.m.51 views

CVE-2024-56054

CVE-2024-56054 affects the WordPress plugin WPLMS by VibeThemes. The connected Red Hat/Wordfence entries confirm an Unrestricted Upload of File with Dangerous Type vulnerability that enables uploading a web shell to the web server in WPLMS versions prior to 1.9.9.5.2. According to NVD, the CVSSv3...

9.1CVSS7.4AI score0.00568EPSS
CVE
CVE
added 2024/12/18 6:52 p.m.50 views

CVE-2024-56057

CVE-2024-56057 affects the WPLMS plugin for WordPress (WPLMS

9.9CVSS7.4AI score0.00542EPSS
CVE
CVE
added 2024/12/18 6:58 p.m.46 views

CVE-2024-56053

CVE-2024-56053 affects the WPLMS WordPress LMS plugin. Versions before 1.9.9.5.3 are vulnerable to SQL Injection due to improper input neutralization. Impact is high (C/H/I/H; CVSSv3.1 base 8.8). Mitigation: upgrade to 1.9.9.5.3 or later; no exploit details are provided in the connected documents.

8.8CVSS7.3AI score0.00425EPSS
CVE
CVE
added 2024/12/18 6:46 p.m.45 views

CVE-2024-56049

CVE-2024-56049: Path Traversal? No — this entry actually relates to WPLMS; the connected Red Hat/Wordfence data confirms a real issue in WPLMS (VibeThemes) via Arbitrary File Upload. The vulnerability is present in WPLMS versions prior to 1.9.9.5.2 and can be exploited by a user with Contributor-...

8.5CVSS7.2AI score0.0045EPSS
CVE
CVE
added 2024/12/18 6:42 p.m.42 views

CVE-2024-56055

CVE-2024-56055 describes a path traversal vulnerability in the WPLMS WordPress plugin. The issue allows arbitrary directory deletion through path traversal in WPLMS versions up to 1.9.9.5.2 (authenticated as Contributor+). Public records indicate the root cause is a path traversal misconfiguratio...

8.8CVSS7.2AI score0.00468EPSS
CVE
CVE
added 2024/12/18 6:41 p.m.41 views

CVE-2024-56051

CVE-2024-56051 affects WPLMS (WordPress plugin) up to 1.9.9.5. The issue is an unauthenticated Remote Code Execution (RCE) in WPLMS, allowing attacker-controlled code execution. Red Hat/Wordfence entries corroborate RCE and note the fix was applied in version 1.9.9.5. Recommend upgrading to 1.9.9...

8.8CVSS7.2AI score0.0045EPSS
CVE
CVE
added 2025/10/22 2:32 p.m.13 views

CVE-2025-49925

CVE-2025-49925 corresponds to a Missing Authorization (Broken Access Control) vulnerability in the WordPress WPLMS plugin up to version 1.9.9.7. Affected component is the WPLMS plugin of VibeThemes; root cause is functionality exposure not properly constrained by ACLs, allowing access to restrict...

7.5CVSS6.6AI score0.00333EPSS
CVE
CVE
added 2025/09/22 6:22 p.m.13 views

CVE-2025-58668

CVE-2025-58668 is a Missing Authorization vulnerability affecting WPLMS (WordPress-based Learning Management System). The CVE entry states impact on WPLMS versions up to 4.970, with a high-severity exposure. The available metrics indicate a network-exposed flaw with no required privileges, and no...

9.8CVSS5.9AI score0.00263EPSS