Cross-Site Scripting Vulnerability in VibeThemes WPLMS Product
CVE-2025-63035
6.5MEDIUM
What is CVE-2025-63035?
The vulnerability in the VibeThemes WPLMS plugin arises from improper handling of input during web page generation, enabling an attacker to execute malicious scripts in the browser of unsuspecting users. This security flaw primarily impacts the plugin versions up to 1.9.9.5.4, making it crucial for users to implement appropriate security measures to safeguard their websites against potential exploits.
Affected Version(s)
WPLMS <= n/a
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program