CVE-2015-10139
WPLMS Learning Management System for WordPress, WordPress LMS <= 1.8.4.1 - Privilege Escalation
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.
| CWE | CWE-269 |
| Vendor | vibethemes |
| Product | wplms learning management system for wordpress, wordpress lms |
| Published | Jul 19, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for vibethemes wplms learning management system for wordpress, wordpress lms
Be the first to know when new high vulnerabilities affecting vibethemes wplms learning management system for wordpress, wordpress lms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
VibeThemes / WPLMS Learning Management System for WordPress, WordPress LMS
0 โค 1.8.4.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6e0e8f5f-8216-4276-a810-860f9b52c447?source=cve packetstormsecurity.com: https://packetstormsecurity.com/files/130291/ rapid7.com: https://www.rapid7.com/db/modules/auxiliary/admin/http/wp_wplms_privilege_escalation/ twitter.com: https://twitter.com/_wpscan_/status/564874637679820800?lang=ca wpscan.com: https://wpscan.com/vulnerability/7785 themeforest.net: https://themeforest.net/item/wplms-learning-management-system/6780226
Credits
Evex