VYPR

WPLMS

by Vibethemes

CVEs (7)

  • CVE-2015-10139HigJul 19, 2025
    risk 0.60cvss 8.8epss 0.01

    The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin…

  • CVE-2025-69097HigJan 22, 2026
    risk 0.56cvss 8.6epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.

  • CVE-2023-36690HigJul 11, 2023
    risk 0.53cvss 8.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.

  • CVE-2025-49925HigOct 22, 2025
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.

  • CVE-2025-58668MedSep 22, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970.

  • CVE-2025-63035Dec 9, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.

  • CVE-2025-53420Oct 22, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows Reflected XSS.This issue affects WPLMS: from n/a through <= 1.9.9.8.

VYPR — Vulnerability Intelligence