Vibethemes

vibethemes

25 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Wordpress Learning Management System

wordpress_learning_management_system

Bp Social Connect

bp_social_connect

Wordpress Learning Management System

wordpress_learning_management_system_

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10470 1Vibethemes 1Wordpress Learning Management System Dec 23, 2025 Nov 9, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and...Show more The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.Show less
CVE-2023-22672 1Vibethemes 1Vslider Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.
CVE-2023-36690 1Vibethemes 1Wordpress Learning Management System Dec 15, 2025 Jul 11, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.
CVE-2023-2704 1Vibethemes 1Bp Social Connect Apr 8, 2026 May 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through...Show more The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.Show less
CVE-2023-25797 1Vibethemes 1Vslider Jan 16, 2026 May 3, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.