VibeThemes — Vulnerabilities & Security Advisories (28)

Browse all 28 CVE security advisories affecting VibeThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

VibeThemes operates as a digital marketplace specializing in WordPress themes and plugins, primarily targeting e-commerce and business sectors. Security audits have identified twenty-eight distinct Common Vulnerabilities and Exposures (CVEs) associated with its products, indicating a persistent pattern of insecure coding practices. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and improper sanitization of user-supplied data. Additionally, several instances of broken access control and privilege escalation have been documented, allowing unauthorized users to manipulate administrative functions. While the company has released patches for critical issues, the high volume of disclosed flaws suggests systemic weaknesses in their development lifecycle. These incidents highlight significant risks for organizations relying on VibeThemes solutions without rigorous third-party security testing or timely update protocols.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-69097 | WordPress WPLMS plugin <= 1.9.9.5.4 - Arbitrary File Deletion vulnerability | WPLMS | CWE-22 | 8.6 | High | 2026-01-22 |
| CVE-2025-63035 | WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability | WPLMS | CWE-79 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-53420 | WordPress WPLMS plugin <= 1.9.9.8 - Cross Site Scripting (XSS) vulnerability | WPLMS | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-49925 | WordPress WPLMS plugin <= 1.9.9.7 - Broken Access Control vulnerability | WPLMS | CWE-862 | 7.5 | High | 2025-10-22 |
| CVE-2025-58668 | WordPress WPLMS theme <= 4.970 - Broken Access Control vulnerability | WPLMS | CWE-862 | 4.3 | Medium | 2025-09-22 |
| CVE-2015-10139 | WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation | WPLMS Learning Management System for WordPress, WordPress LMS | CWE-269 | 8.8 | High | 2025-07-19 |
| CVE-2025-32493 | WordPress BP Social Connect plugin <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability | BP Social Connect | CWE-79 | 5.9 | Medium | 2025-04-09 |
| CVE-2024-56045 | WordPress WPLMS plugin < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion vulnerability | WPLMS | CWE-35 | 9.3 | Critical | 2024-12-31 |
| CVE-2024-56044 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability | WPLMS | CWE-288 | 9.8 | Critical | 2024-12-31 |
| CVE-2024-56043 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability | WPLMS | CWE-266 | 9.8 | Critical | 2024-12-31 |
| CVE-2024-56040 | WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability | VibeBP | CWE-266 | 9.8 | Critical | 2024-12-31 |
| CVE-2024-56042 | WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability | WPLMS | CWE-89 | 9.3 | Critical | 2024-12-31 |
| CVE-2024-56041 | WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability | VibeBP | CWE-89 | 8.5 | High | 2024-12-31 |
| CVE-2024-56039 | WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability | VibeBP | CWE-89 | 9.3 | Critical | 2024-12-31 |
| CVE-2024-56046 | WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability | WPLMS | CWE-434 | 10.0 | Critical | 2024-12-31 |
| CVE-2024-56047 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability | WPLMS | CWE-89 | 8.5 | High | 2024-12-18 |
| CVE-2024-56053 | WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability | WPLMS | CWE-89 | 7.6 | High | 2024-12-18 |
| CVE-2024-56048 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability | WPLMS | CWE-862 | 8.8 | High | 2024-12-18 |
| CVE-2024-56050 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability | WPLMS | CWE-434 | 9.9 | Critical | 2024-12-18 |
| CVE-2024-56052 | WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability | WPLMS | CWE-434 | 9.9 | Critical | 2024-12-18 |
| CVE-2024-56054 | WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability | WPLMS | CWE-434 | 9.1 | Critical | 2024-12-18 |
| CVE-2024-56057 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability | WPLMS | CWE-434 | 9.9 | Critical | 2024-12-18 |
| CVE-2024-56049 | WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability | WPLMS | CWE-35 | 8.5 | High | 2024-12-18 |
| CVE-2024-56055 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability | WPLMS | CWE-35 | 8.5 | High | 2024-12-18 |
| CVE-2024-56051 | WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability | WPLMS | CWE-94 | 8.5 | High | 2024-12-18 |
| CVE-2024-10470 | WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion | WPLMS Learning Management System for WordPress, WordPress LMS | CWE-22 | 9.8 | Critical | 2024-11-09 |
| CVE-2023-36690 | WordPress WPLMS Theme < 4.900 is vulnerable to Cross Site Request Forgery (CSRF) | WPLMS | CWE-352 | 8.1 | High | 2023-07-11 |
| CVE-2023-2704 | BP Social Connect <= 1.5 - Authentication Bypass | BP Social Connect | CWE-288 | 9.8 | Critical | 2023-05-19 |

This page lists every published CVE security advisory associated with VibeThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.