Aggregates CVE and security vulnerability intelligence across all vibethemes-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, vendor risk csrf, and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63035 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4. | [email protected] | 6.5 | 0.03% | 2025-12-09 | 2026-01-30 |
| CVE-2025-53420 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8. | [email protected] | 7.1 | 0.06% | 2025-10-22 | 2026-01-20 |
| CVE-2025-49925 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | [email protected] | 7.5 | 0.04% | 2025-10-22 | 2026-04-27 |
| CVE-2025-58668 | Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970. | [email protected] | 4.3 | 0.05% | 2025-09-22 | 2026-04-23 |
| CVE-2015-10139 | The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account. | [email protected] | 8.8 | 67.72% | 2025-07-19 | 2025-12-16 |
| CVE-2024-56045 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. | [email protected] | 9.3 | 0.20% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56044 | Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 9.8 | 0.15% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56043 | Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 9.8 | 0.20% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56046 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 10.0 | 0.75% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56042 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 9.3 | 0.29% | 2024-12-31 | 2026-04-23 |
| CVE-2024-56057 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56055 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 8.5 | 0.54% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56054 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.1 | 0.55% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56053 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 7.6 | 0.28% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56052 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56051 | Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. | [email protected] | 8.5 | 0.70% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56050 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 9.9 | 0.89% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56049 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | [email protected] | 8.5 | 0.29% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56048 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. | [email protected] | 8.8 | 0.63% | 2024-12-18 | 2026-04-23 |
| CVE-2024-56047 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | [email protected] | 8.5 | 0.33% | 2024-12-18 | 2026-04-23 |