vibethemes 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection、vendor risk cross-site scripting、vendor risk csrf, and パス処理の欠陥 があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact data exposure, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-63035 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | [email protected] | 6.5 | 0.03% | 2025-12-09 | 2026-01-30 |
| CVE-2025-53420 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8. | [email protected] | 7.1 | 0.06% | 2025-10-22 | 2026-01-20 |
| CVE-2025-49925 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | [email protected] | 7.5 | 0.04% | 2025-10-22 | 2026-04-27 |
| CVE-2025-58668 | Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970. | [email protected] | 4.3 | 0.07% | 2025-09-22 | 2026-04-23 |
| CVE-2015-10139 | The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account. | [email protected] | 8.8 | 67.72% | 2025-07-19 | 2025-12-16 |
| CVE-2024-56045 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. | [email protected] | 9.3 | 0.20% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56044 | Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 9.8 | 0.15% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56043 | Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 9.8 | 0.20% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56046 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 10.0 | 0.75% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56042 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 9.3 | 0.29% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56057 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56055 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 8.5 | 0.54% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56054 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.1 | 0.55% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56053 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 7.6 | 0.28% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56052 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56051 | Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. | [email protected] | 8.5 | 0.70% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56050 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56049 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 8.5 | 0.29% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56048 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 8.8 | 0.63% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56047 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 8.5 | 0.33% | 2024-12-18 | 2026-04-23 |