WPLMS
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-10139 | 0.08 | — | 0.01 | Jul 19, 2025 | The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin… | |||
| CVE-2023-36690 | 0.00 | — | 0.00 | Jul 11, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions. | |||
| CVE-2021-24504 | 0.00 | — | 0.01 | Aug 2, 2021 | The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either… |
- CVE-2015-10139Jul 19, 2025risk 0.08cvss —epss 0.01
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin…
- CVE-2023-36690Jul 11, 2023risk 0.00cvss —epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
- CVE-2021-24504Aug 2, 2021risk 0.00cvss —epss 0.01
The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF and capability checks were in place, allowing such attack to be performed either…