Vibethemes Wordpress Learning Management System vulnerabilities
22 known vulnerabilities affecting vibethemes/wordpress_learning_management_system.
Total CVEs
22
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH14MEDIUM1
Vulnerabilities
Page 1 of 2
CVE-2024-10470P2CRITICALCVSS 9.8fixed in 4.9632024-11-09
CVE-2024-10470 [CRITICAL] CWE-22 CVE-2024-10470: The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitr
nvd
CVE-2015-10139P2HIGHCVSS 8.8PoC≥ 1.5.2, < 1.8.92025-07-19
CVE-2015-10139 [HIGH] CWE-269 CVE-2015-10139: The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.
nvd
CVE-2024-56046P2CRITICALCVSS 9.8fixed in 1.9.9.12024-12-31
CVE-2024-56046 [CRITICAL] CWE-434 CVE-2024-56046: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56044P3CRITICALCVSS 9.8fixed in 1.9.9.12024-12-31
CVE-2024-56044 [CRITICAL] CWE-288 CVE-2024-56044: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plu
Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56042P2CRITICALCVSS 9.8fixed in 1.9.9.5.32024-12-31
CVE-2024-56042 [CRITICAL] CWE-89 CVE-2024-56042: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56050P2HIGHCVSS 8.8fixed in 1.9.9.5.32024-12-18
CVE-2024-56050 [HIGH] CWE-434 CVE-2024-56050: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56052P2HIGHCVSS 8.8fixed in 1.9.9.5.22024-12-18
CVE-2024-56052 [HIGH] CWE-434 CVE-2024-56052: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56054P3HIGHCVSS 8.8fixed in 1.9.9.5.22024-12-18
CVE-2024-56054 [HIGH] CWE-434 CVE-2024-56054: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56057P2HIGHCVSS 8.8fixed in 1.9.9.5.22024-12-18
CVE-2024-56057 [HIGH] CWE-434 CVE-2024-56057: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56043P3CRITICALCVSS 9.8fixed in 1.9.9.12024-12-31
CVE-2024-56043 [CRITICAL] CWE-266 CVE-2024-56043: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escal
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56047P3HIGHCVSS 8.8fixed in 1.9.9.5.32024-12-18
CVE-2024-56047 [HIGH] CWE-89 CVE-2024-56047: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56053P3HIGHCVSS 8.8fixed in 1.9.9.5.32024-12-18
CVE-2024-56053 [HIGH] CWE-89 CVE-2024-56053: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56051P3HIGHCVSS 8.8fixed in 1.9.9.52024-12-18
CVE-2024-56051 [HIGH] CWE-94 CVE-2024-56051: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_pl
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.
nvd
CVE-2024-56048P3HIGHCVSS 8.8fixed in 1.9.9.12024-12-18
CVE-2024-56048 [HIGH] CWE-862 CVE-2024-56048: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56055P3HIGHCVSS 8.8fixed in 1.9.9.5.22024-12-18
CVE-2024-56055 [HIGH] CWE-35 CVE-2024-56055: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2025-58668P3CRITICALCVSS 9.8fixed in 4.9712025-09-22
CVE-2025-58668 [CRITICAL] CWE-862 CVE-2025-58668: Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configu
Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.
nvd
CVE-2024-56045P3CRITICALCVSS 9.3fixed in 1.9.9.52024-12-31
CVE-2024-56045 [CRITICAL] CWE-35 CVE-2024-56045: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.
nvd
CVE-2024-56049P3HIGHCVSS 8.5fixed in 1.9.9.5.22024-12-18
CVE-2024-56049 [HIGH] CWE-35 CVE-2024-56049: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2025-49925P3HIGHCVSS 7.5fixed in 1.9.9.82025-10-22
CVE-2025-49925 [HIGH] CWE-862 CVE-2025-49925: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
nvd
CVE-2023-36690P4HIGHCVSS 8.8≤ 4.9002023-07-11
CVE-2023-36690 [HIGH] CWE-352 CVE-2023-36690: Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
nvd
1 / 2Next →