cbcvebase.

Vibethemes Wplms vulnerabilities

21 known vulnerabilities affecting vibethemes/wplms.

Total CVEs
21
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH14MEDIUM1

Vulnerabilities

Page 1 of 2
CVE-2024-56046P2CRITICALCVSS 9.8≤ 1.9.92024-12-31
CVE-2024-56046 [CRITICAL] CWE-434 CVE-2024-56046: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56044P3CRITICALCVSS 9.8≤ 1.9.92024-12-31
CVE-2024-56044 [CRITICAL] CWE-288 CVE-2024-56044: Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plu Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56042P2CRITICALCVSS 9.8≤ 1.9.9.5.32024-12-31
CVE-2024-56042 [CRITICAL] CWE-89 CVE-2024-56042: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56050P2HIGHCVSS 8.8≤ 1.9.9.5.32024-12-18
CVE-2024-56050 [HIGH] CWE-434 CVE-2024-56050: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56052P2HIGHCVSS 8.8≤ 1.9.9.5.22024-12-18
CVE-2024-56052 [HIGH] CWE-434 CVE-2024-56052: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56054P3HIGHCVSS 8.8≤ 1.9.9.5.22024-12-18
CVE-2024-56054 [HIGH] CWE-434 CVE-2024-56054: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56057P2HIGHCVSS 8.8≤ 1.9.9.5.22024-12-18
CVE-2024-56057 [HIGH] CWE-434 CVE-2024-56057: Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allow Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2024-56043P3CRITICALCVSS 9.8≤ 1.9.92024-12-31
CVE-2024-56043 [CRITICAL] CWE-266 CVE-2024-56043: Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escal Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56047P3HIGHCVSS 8.8≤ 1.9.9.5.32024-12-18
CVE-2024-56047 [HIGH] CWE-89 CVE-2024-56047: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56053P3HIGHCVSS 8.8≤ 1.9.9.5.32024-12-18
CVE-2024-56053 [HIGH] CWE-89 CVE-2024-56053: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
nvd
CVE-2024-56051P3HIGHCVSS 8.8≤ 1.9.9.52024-12-18
CVE-2024-56051 [HIGH] CWE-94 CVE-2024-56051: Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_pl Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.
nvd
CVE-2024-56048P3HIGHCVSS 8.8≤ 1.9.92024-12-18
CVE-2024-56048 [HIGH] CWE-862 CVE-2024-56048: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.
nvd
CVE-2024-56055P3HIGHCVSS 8.8≤ 1.9.9.5.22024-12-18
CVE-2024-56055 [HIGH] CWE-35 CVE-2024-56055: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2025-58668P3CRITICALCVSS 9.8≤ 4.9702025-09-22
CVE-2025-58668 [CRITICAL] CWE-862 CVE-2025-58668: Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configu Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.
nvd
CVE-2024-56045P3CRITICALCVSS 9.3≤ 1.9.9.52024-12-31
CVE-2024-56045 [CRITICAL] CWE-35 CVE-2024-56045: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.
nvd
CVE-2025-69097P3HIGHCVSS 8.6≤ 1.9.9.5.42026-01-22
CVE-2025-69097 [HIGH] CWE-22 CVE-2025-69097: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vibe Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.
nvd
CVE-2024-56049P3HIGHCVSS 8.5≤ 1.9.9.5.22024-12-18
CVE-2024-56049 [HIGH] CWE-35 CVE-2024-56049: Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.Thi Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
nvd
CVE-2025-49925P3HIGHCVSS 7.5≤ 1.9.9.72025-10-22
CVE-2025-49925 [HIGH] CWE-862 CVE-2025-49925: Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
nvd
CVE-2023-36690P4HIGHCVSS 8.8≥ n/a, < 4.9002023-07-11
CVE-2023-36690 [HIGH] CWE-352 CVE-2023-36690: Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions. Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
nvd
CVE-2025-53420P4HIGHCVSS 7.1≤ 1.9.9.82025-10-22
CVE-2025-53420 [HIGH] CWE-79 CVE-2025-53420: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8.
nvd
Vibethemes Wplms vulnerabilities | cvebase