Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPLMS — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in WPLMS, with AI-generated Chinese analysis, references, and POCs.

Vendor: VibeThemes

CVE IDTitleCVSSSeverityPublished
CVE-2025-69097 WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability CWE-22 8.6 High2026-01-22
CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability CWE-79 6.1AIMediumAI2025-12-09
CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability CWE-79 6.1AIMediumAI2025-10-22
CVE-2025-49925 WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability CWE-862 7.5 High2025-10-22
CVE-2025-58668 WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-09-22
CVE-2024-56045 WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability CWE-35 9.3 Critical2024-12-31
CVE-2024-56044 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability CWE-288 9.8 Critical2024-12-31
CVE-2024-56043 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability CWE-266 9.8 Critical2024-12-31
CVE-2024-56042 WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability CWE-89 9.3 Critical2024-12-31
CVE-2024-56046 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability CWE-434 10.0 Critical2024-12-31
CVE-2024-56047 WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability CWE-89 8.5 High2024-12-18
CVE-2024-56053 WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability CWE-89 7.6 High2024-12-18
CVE-2024-56048 WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability CWE-862 8.8 High2024-12-18
CVE-2024-56050 WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability CWE-434 9.9 Critical2024-12-18
CVE-2024-56052 WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability CWE-434 9.9 Critical2024-12-18
CVE-2024-56054 WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability CWE-434 9.1 Critical2024-12-18
CVE-2024-56057 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability CWE-434 9.9 Critical2024-12-18
CVE-2024-56049 WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability CWE-35 8.5 High2024-12-18
CVE-2024-56055 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability CWE-35 8.5 High2024-12-18
CVE-2024-56051 WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability CWE-94 8.5 High2024-12-18
CVE-2023-36690 WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 8.1 High2023-07-11

All 21 known CVE vulnerabilities affecting WPLMS with full Chinese analysis, references, and POCs where available.