Wordpress Learning Management System

CVEs (17)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2024-56046	Cri	0.65	10.0	0.01	Dec 31, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.
CVE-2024-56044	Cri	0.64	9.8	0.00	Dec 31, 2024	Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.
CVE-2024-56043	Cri	0.64	9.8	0.00	Dec 31, 2024	Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.
CVE-2024-56057	Cri	0.64	9.9	0.01	Dec 18, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
CVE-2024-56052	Cri	0.64	9.9	0.01	Dec 18, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
CVE-2024-56050	Cri	0.64	9.9	0.01	Dec 18, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2024-56045	Cri	0.60	9.3	0.00	Dec 31, 2024	Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.
CVE-2024-56042	Cri	0.60	9.3	0.00	Dec 31, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2024-56054	Cri	0.59	9.1	0.01	Dec 18, 2024	Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
CVE-2024-56048	Hig	0.57	8.8	0.01	Dec 18, 2024	Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.
CVE-2024-56055	Hig	0.55	8.5	0.01	Dec 18, 2024	Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
CVE-2024-56051	Hig	0.55	8.5	0.01	Dec 18, 2024	Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.
CVE-2024-56049	Hig	0.55	8.5	0.00	Dec 18, 2024	Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2.
CVE-2024-56047	Hig	0.55	8.5	0.00	Dec 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2025-49925	Hig	0.49	7.5	0.00	Oct 22, 2025	Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2024-56053	Hig	0.49	7.6	0.00	Dec 18, 2024	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.
CVE-2025-58668	Med	0.28	4.3	0.00	Sep 22, 2025	Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.