Vendor
Vibethemes
Products
2
CVEs
18
Across products
18
Status
Private
Products
2- 17 CVEs
- 1 CVE
Recent CVEs
18| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56046 | Cri | 0.65 | 10.0 | 0.01 | Dec 31, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9. | |
| CVE-2024-56044 | Cri | 0.64 | 9.8 | 0.00 | Dec 31, 2024 | Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9. | |
| CVE-2024-56043 | Cri | 0.64 | 9.8 | 0.00 | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9. | |
| CVE-2024-56057 | Cri | 0.64 | 9.9 | 0.01 | Dec 18, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |
| CVE-2024-56052 | Cri | 0.64 | 9.9 | 0.01 | Dec 18, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |
| CVE-2024-56050 | Cri | 0.64 | 9.9 | 0.01 | Dec 18, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | |
| CVE-2023-2704 | Cri | 0.64 | 9.8 | 0.00 | May 19, 2023 | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | |
| CVE-2024-56045 | Cri | 0.60 | 9.3 | 0.00 | Dec 31, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5. | |
| CVE-2024-56042 | Cri | 0.60 | 9.3 | 0.00 | Dec 31, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | |
| CVE-2024-56054 | Cri | 0.59 | 9.1 | 0.01 | Dec 18, 2024 | Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |
| CVE-2024-56048 | Hig | 0.57 | 8.8 | 0.01 | Dec 18, 2024 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9. | |
| CVE-2024-56055 | Hig | 0.55 | 8.5 | 0.01 | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |
| CVE-2024-56051 | Hig | 0.55 | 8.5 | 0.01 | Dec 18, 2024 | Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows Code Injection.This issue affects WPLMS: from n/a through < 1.9.9.5. | |
| CVE-2024-56049 | Hig | 0.55 | 8.5 | 0.00 | Dec 18, 2024 | Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a through < 1.9.9.5.2. | |
| CVE-2024-56047 | Hig | 0.55 | 8.5 | 0.00 | Dec 18, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | |
| CVE-2025-49925 | Hig | 0.49 | 7.5 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7. | |
| CVE-2024-56053 | Hig | 0.49 | 7.6 | 0.00 | Dec 18, 2024 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3. | |
| CVE-2025-58668 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | Missing Authorization vulnerability in VibeThemes WPLMS wplms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLMS : from n/a through <= 4.970. |