Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

VibeThemes — Vulnerabilities & Security Advisories 28

Browse all 28 CVE security advisories affecting VibeThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products VibeThemes:WPLMSVibeBPBP Social ConnectWPLMS Learning Management System for WordPress, WordPress LMS
CVE IDTitleCVSSSeverityPaused
CVE-2025-69097 WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability — WPLMSCWE-22 8.6 High2026-01-22
CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability — WPLMSCWE-79 6.1AIMediumAI2025-12-09
CVE-2025-53420 WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability — WPLMSCWE-79 6.1AIMediumAI2025-10-22
CVE-2025-49925 WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability — WPLMSCWE-862 7.5 High2025-10-22
CVE-2025-58668 WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability — WPLMSCWE-862 4.3 Medium2025-09-22
CVE-2015-10139 WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation — WPLMS Learning Management System for WordPress, WordPress LMSCWE-269 8.8 High2025-07-19
CVE-2025-32493 WordPress BP Social Connect plugin <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability — BP Social ConnectCWE-79 5.9 Medium2025-04-09
CVE-2024-56045 WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability — WPLMSCWE-35 9.3 Critical2024-12-31
CVE-2024-56044 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability — WPLMSCWE-288 9.8 Critical2024-12-31
CVE-2024-56043 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability — WPLMSCWE-266 9.8 Critical2024-12-31
CVE-2024-56040 WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability — VibeBPCWE-266 9.8 Critical2024-12-31
CVE-2024-56042 WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability — WPLMSCWE-89 9.3 Critical2024-12-31
CVE-2024-56041 WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability — VibeBPCWE-89 8.5 High2024-12-31
CVE-2024-56039 WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability — VibeBPCWE-89 9.3 Critical2024-12-31
CVE-2024-56046 WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability — WPLMSCWE-434 10.0 Critical2024-12-31
CVE-2024-56047 WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability — WPLMSCWE-89 8.5 High2024-12-18
CVE-2024-56053 WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability — WPLMSCWE-89 7.6 High2024-12-18
CVE-2024-56048 WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability — WPLMSCWE-862 8.8 High2024-12-18
CVE-2024-56050 WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability — WPLMSCWE-434 9.9 Critical2024-12-18
CVE-2024-56052 WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability — WPLMSCWE-434 9.9 Critical2024-12-18
CVE-2024-56054 WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability — WPLMSCWE-434 9.1 Critical2024-12-18
CVE-2024-56057 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability — WPLMSCWE-434 9.9 Critical2024-12-18
CVE-2024-56049 WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability — WPLMSCWE-35 8.5 High2024-12-18
CVE-2024-56055 WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability — WPLMSCWE-35 8.5 High2024-12-18
CVE-2024-56051 WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability — WPLMSCWE-94 8.5 High2024-12-18
CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion — WPLMS Learning Management System for WordPress, WordPress LMSCWE-22 9.8 Critical2024-11-09
CVE-2023-36690 WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) — WPLMSCWE-352 8.1 High2023-07-11
CVE-2023-2704 BP Social Connect <= 1.5 - Authentication Bypass — BP Social ConnectCWE-288 9.8 Critical2023-05-19

This page lists every published CVE security advisory associated with VibeThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.