CVE-2025-63035

<= 1.9.9.5.4

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugi

6.5MEDIUM

CVE-2025-53420

<= 1.9.9.8

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugi

7.1HIGH

CVE-2025-49925

< 1.9.9.8

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by AC

7.5HIGH

CVE-2025-58668

< 4.971

Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Le

4.3MEDIUM

CVE-2015-10139

>= 1.5.2 and < 1.8.9

The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJA

8.8HIGH

CVE-2024-56045

< 1.9.9.5

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/

9.3CRITICAL

CVE-2024-56044

< 1.9.9.1

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypa

9.8CRITICAL

CVE-2024-56043

< 1.9.9.1

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS

9.8CRITICAL

CVE-2024-56046

< 1.9.9.1

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web

10.0CRITICAL

CVE-2024-56042

< 1.9.9.5.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugi

9.3CRITICAL

CVE-2024-56057

< 1.9.9.5.2

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web

9.9CRITICAL

CVE-2024-56055

< 1.9.9.5.2

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/

8.5HIGH

CVE-2024-56054

< 1.9.9.5.2

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web

9.1CRITICAL

CVE-2024-56053

< 1.9.9.5.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugi

7.6HIGH

CVE-2024-56052

< 1.9.9.5.2

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web

9.9CRITICAL

CVE-2024-56051

< 1.9.9.5

Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.Thi

8.5HIGH

CVE-2024-56050

< 1.9.9.5.3

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web

9.9CRITICAL

CVE-2024-56049

< 1.9.9.5.2

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/

8.5HIGH

CVE-2024-56048

< 1.9.9.1

Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by AC

8.8HIGH

CVE-2024-56047

< 1.9.9.5.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugi

8.5HIGH

CVE-2024-10470

< 4.963

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and del

9.8CRITICAL

CVE-2023-36690

<= 4.900

Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.

8.1HIGH