Wordpress Learning Management System CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (19 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-56045	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.3 Critical
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.
CVE-2025-49925	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	7.3 High
Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
CVE-2024-56047	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVE-2024-56048	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	8.8 High
Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.
CVE-2024-56049	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	8.5 High
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56050	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVE-2024-56051	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	8.5 High
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.
CVE-2024-56052	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56053	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVE-2024-56054	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.1 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56055	2 Vibethemes, Wordpress	2 Wordpress Learning Management System , Wordpress	2025-12-12	8.5 High
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56057	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56042	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
CVE-2024-56046	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9.
CVE-2024-56043	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	9.8 Critical
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9.
CVE-2025-58668	2 Vibethemes, Wordpress	2 Wordpress Learning Management System, Wordpress	2025-12-12	4.3 Medium
Missing Authorization vulnerability in VibeThemes WPLMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLMS : from n/a through 4.970.
CVE-2025-63035	2 Vibethemes, Wordpress	2 Wordpress Learning Management System , Wordpress	2025-12-12	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VibeThemes WPLMS wplms_plugin allows DOM-Based XSS.This issue affects WPLMS: from n/a through <= 1.9.9.5.4.
CVE-2023-36690	1 Vibethemes	1 Wordpress Learning Management System	2024-11-21	8.1 High
Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
CVE-2024-10470	1 Vibethemes	1 Wordpress Learning Management System	2024-11-12	9.8 Critical
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.

Page 1 of 1.