CVE-2015-10139
published 2025-07-19

Priority: P2 · 63 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 0.99% (58.2th percentile)

The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.

Affected

1 range

Vendor | Product | Version range | Fixed in
vibethemes | wordpress_learning_management_system | >= 1.5.2 < 1.8.9 | 1.8.9

Detection & IOCs (extracted from sources)

path: /includes/func.php
url: /wp-login.php?action=register
other: wp_ajax_import_data
  • Monitor for unauthenticated or low-privileged AJAX requests targeting the 'wp_ajax_import_data' action, which can be used to modify WordPress system options including admin email, user registration status, and default user role.
  • Alert on WordPress option changes that re-enable user registration (users_can_register) and set the default role to 'administrator' in close succession, as this is the attack chain used to create a rogue admin account.
  • Monitor for unexpected changes to the WordPress admin email address (admin_email option), which is modified early in the exploit to suppress notification emails to the legitimate administrator.
  • Watch for new account registrations via /wp-login.php?action=register immediately following suspicious option changes, as the exploit finalizes by registering a new admin-level user through the standard registration page.
  • The vulnerability affects WPLMS theme versions 1.5.2 through 1.8.4.1 only; detections tied to the wp_ajax_import_data action or /includes/func.php are scoped to this version range.
  • The exploit requires an existing authenticated session of any privilege level; purely unauthenticated access is not sufficient to trigger this vulnerability.
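
The correlation described in the bullets above, as an added example (not code from the advisory or from WPLMS). It assumes option changes and web requests are already collected as time-ordered JSON lines; the event schema, the 10-minute window and the sample events are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window; tune per site
CORE = {"registration_enabled", "default_role_admin"}

# Constructed sample events. The JSON-lines schema is hypothetical: "option"
# records come from an option-change audit hook, "request" records from web logs.
SAMPLE = """\
{"ts": "2025-07-20T10:00:01", "kind": "option", "name": "admin_email", "new": "x@example.test"}
{"ts": "2025-07-20T10:00:02", "kind": "option", "name": "users_can_register", "new": "1"}
{"ts": "2025-07-20T10:00:03", "kind": "option", "name": "default_role", "new": "administrator"}
{"ts": "2025-07-20T10:00:40", "kind": "request", "uri": "/wp-login.php?action=register"}
{"ts": "2025-07-21T09:00:00", "kind": "option", "name": "users_can_register", "new": "1"}
{"ts": "2025-07-21T15:00:00", "kind": "request", "uri": "/wp-login.php?action=register"}
"""

def chain_step(ev):
    """Map one event to the attack-chain step it matches, or None."""
    if ev["kind"] == "option":
        name, new = ev["name"], str(ev["new"]).lower()
        if name == "users_can_register" and new in ("1", "true"):
            return "registration_enabled"
        if name == "default_role" and new == "administrator":
            return "default_role_admin"
        if name == "admin_email":
            return "admin_email_changed"
    elif ev["kind"] == "request":
        uri = ev["uri"]
        if uri.startswith("/wp-login.php") and "action=register" in uri:
            return "registration_request"

def detect(lines):
    """Alert on each event that completes or extends a chain inside WINDOW."""
    recent, alerts = [], []  # recent holds (timestamp, step); input is time-ordered
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        step = chain_step(ev)
        if step is None:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        recent = [(t, s) for t, s in recent if ts - t <= WINDOW] + [(ts, step)]
        seen = {s for _, s in recent}
        if CORE <= seen:
            sev = "critical" if "registration_request" in seen else "high"
            alerts.append({"ts": ev["ts"], "severity": sev, "steps": sorted(seen)})
    return alerts
```

On the sample, the first day's sequence raises a high alert when the default role becomes administrator and a critical alert when the registration request follows; the isolated events on the second day raise nothing.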