Theme Vulnerability Hub
Theme 18 known issues Latest disclosed Sep 22, 2025

WPLMS Learning Management System for WordPress, WordPress LMS Vulnerabilities

Review known vulnerability records for the WordPress theme WPLMS Learning Management System for WordPress, WordPress LMS (`wplms`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-58668, CVE-2024-56043 and CVE-2024-56044, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 18
High or Critical: 13
Patch Coverage: 100%
Last Updated: Feb 26, 2026

Priority CVE Quick Links

Fast paths into WPLMS Learning Management System for WordPress, WordPress LMS CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs: 18

CVE-2024-56043 Critical 1.9.9.1
CVE-2024-56043 WPLMS Learning Management System for WordPress, WordPress LMS Privilege Escalation

WPLMS <= 1.9.9 - Unauthenticated Privilege Escalation

CVE-2024-56046 Critical 1.9.9.1
CVE-2024-56046 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS <= 1.9.9 - Unauthenticated Arbitrary File Upload

CVE-2024-10470 Critical 4.963
CVE-2024-10470 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion

CVE-2024-56048 High 1.9.9.1
CVE-2024-56048 WPLMS Learning Management System for WordPress, WordPress LMS Privilege Escalation

WPLMS <= 1.9.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

CVE-2024-56050 High 1.9.9.5.3
CVE-2024-56050 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS < 1.9.9.5.3 - Authenticated (Subscriber+) Arbitrary File Upload

CVE-2024-56052 High 1.9.9.5.2
CVE-2024-56052 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS < 1.9.9.5.2 - Authenticated (Student+) Arbitrary File Upload

CVE-2024-56054 High 1.9.9.5.2
CVE-2024-56054 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS < 1.9.9.5.2 - Authenticated (Instructor+) Arbitrary File Upload

CVE-2024-56057 High 1.9.9.5.2
CVE-2024-56057 WPLMS Learning Management System for WordPress, WordPress LMS Remote Code Execution

WPLMS < 1.9.9.5.2 - Authenticated (Contributor+) Arbitrary File Upload

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for WPLMS Learning Management System for WordPress, WordPress LMS so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 18 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 3 critical and 10 high severity findings.
Recent CVEs: CVE-2025-58668, CVE-2024-56043 and CVE-2024-56044
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for WPLMS Learning Management System for WordPress, WordPress LMS

Sorted by latest disclosure date so newly published issues surface first.

Theme Medium Patched: Yes CVE-2025-58668
CVE-2025-58668: WPLMS <= 4.970 - Missing Authorization

The WPLMS theme for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.970. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized actio...

Published: Sep 22, 2025
Patched Release: 4.971
Affected Versions: Versions up to 4.970
Next Step: Update to 4.971 or newer if supported.

Theme Critical Patched: Yes CVE-2024-56043
CVE-2024-56043: WPLMS <= 1.9.9 - Unauthenticated Privilege Escalation

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to gain elevated access to a site.

Published: Dec 17, 2024
Patched Release: 1.9.9.1
Affected Versions: Versions up to 1.9.9
Next Step: Update to 1.9.9.1 or newer if supported.

Theme Medium Patched: Yes CVE-2024-56044
CVE-2024-56044: WPLMS <= 1.9.9 - Missing Authorization to Unauthenticated User Token Generation

The WPLMS plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to generate arbitrary user tokens.

Published: Dec 17, 2024
Patched Release: 1.9.9.1
Affected Versions: Versions up to 1.9.9
Next Step: Update to 1.9.9.1 or newer if supported.

Theme High Patched: Yes CVE-2024-56045
CVE-2024-56045: WPLMS < 1.9.9.5 - Unauthenticated Arbitrary Directory Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in all versions up to 1.9.9.5 (exclusive). This makes it possible for unauthenticated attackers to delete a...

Published: Dec 17, 2024
Patched Release: 1.9.9.5
Affected Versions: Versions before 1.9.9.5
Next Step: Update to 1.9.9.5 or newer if supported.

Theme Critical Patched: Yes CVE-2024-56046
CVE-2024-56046: WPLMS <= 1.9.9 - Unauthenticated Arbitrary File Upload

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary...

Published: Dec 17, 2024
Patched Release: 1.9.9.1
Affected Versions: Versions up to 1.9.9
Next Step: Update to 1.9.9.1 or newer if supported.

Theme Medium Patched: Yes CVE-2024-56047
CVE-2024-56047: WPLMS < 1.9.9.5.3 - Authenticated (Subscriber+) SQL Injection

The WPLMS plugin for WordPress is vulnerable to SQL Injection in versions up to 1.9.9.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.3
Affected Versions: Versions before 1.9.9.5.3
Next Step: Update to 1.9.9.5.3 or newer if supported.

Theme High Patched: Yes CVE-2024-56048
CVE-2024-56048: WPLMS <= 1.9.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check in all versions up to, and including, 1.9.9. This makes it possible for...

Published: Dec 17, 2024
Patched Release: 1.9.9.1
Affected Versions: Versions up to 1.9.9
Next Step: Update to 1.9.9.1 or newer if supported.

Theme High Patched: Yes CVE-2024-56049
CVE-2024-56049: WPLMS < 1.9.9.5.2 - Authenticated (Subscriber+) Arbitrary File Deletion

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with Subscri...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.2
Affected Versions: Versions before 1.9.9.5.2
Next Step: Update to 1.9.9.5.2 or newer if supported.

Theme High Patched: Yes CVE-2024-56050
CVE-2024-56050: WPLMS < 1.9.9.5.3 - Authenticated (Subscriber+) Arbitrary File Upload

The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.3 (exclusive). This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the aff...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.3
Affected Versions: Versions before 1.9.9.5.3
Next Step: Update to 1.9.9.5.3 or newer if supported.

Theme High Patched: Yes CVE-2024-56052
CVE-2024-56052: WPLMS < 1.9.9.5.2 - Authenticated (Student+) Arbitrary File Upload

The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with student-level access and above, to upload arbitrary files on the affect...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.2
Affected Versions: Versions before 1.9.9.5.2
Next Step: Update to 1.9.9.5.2 or newer if supported.

Theme High Patched: Yes CVE-2024-56054
CVE-2024-56054: WPLMS < 1.9.9.5.2 - Authenticated (Instructor+) Arbitrary File Upload

The WPLMS plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with instructor-level access and above, to upload arbitrary files on the aff...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.2
Affected Versions: Versions before 1.9.9.5.2
Next Step: Update to 1.9.9.5.2 or newer if supported.

Theme High Patched: Yes CVE-2024-56055
CVE-2024-56055: WPLMS < 1.9.9.5.2 - Authenticated (Contributor+) Arbitrary Directory Deletion

The WPLMS plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to 1.9.9.5.2 (exclusive). This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary directori...

Published: Dec 17, 2024
Patched Release: 1.9.9.5.2
Affected Versions: Versions before 1.9.9.5.2
Next Step: Update to 1.9.9.5.2 or newer if supported.