CVE-2015-10139

Published: Jul 19, 2025Modified: Dec 16, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security@wordfence.com (Secondary)

Description

The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.

Affected (1)

Products: Vibethemes: Wordpress Learning Management System

1 product

Wordpress Learning Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vibethemes Wordpress Learning Management System	From 1.5.2 to 1.8.9

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://packetstormsecurity.com/files/130291/

Source: security@wordfence.com

ExploitThird Party Advisory

https://themeforest.net/item/wplms-learning-management-system/6780226

Source: security@wordfence.com

Product

https://twitter.com/_wpscan_/status/564874637679820800?lang=ca

Source: security@wordfence.com

Broken Link

https://wpscan.com/vulnerability/7785

Source: security@wordfence.com

Broken Link

https://www.rapid7.com/db/modules/auxiliary/admin/http/wp_wplms_privilege_escalation/

Source: security@wordfence.com

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.