VYPR

WPLMS

by WordPress

CVEs (3)

  • CVE-2015-10139Jul 19, 2025
    risk 0.08cvss epss 0.01

    The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin…

  • CVE-2023-36690Jul 11, 2023
    risk 0.00cvss epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.

  • CVE-2021-24504Aug 2, 2021
    risk 0.00cvss epss 0.01

    The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either…