Primary

Context

VibeThemes WPLMS Plugin Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in the VibeThemes WPLMS plugin, specifically in versions through 1.9.9.5.4. This vulnerability allows for improper limitation of a pathname, enabling arbitrary file deletion on the affected WordPress sites.

Impact

Exploitation of this vulnerability could lead to arbitrary file deletion, allowing malicious actors to remove files from the website. Deleting core files could disrupt the site's functionality, causing it to break or stop working altogether.

Remediation

Users are advised to update to a version of the VibeThemes WPLMS plugin that is not vulnerable. Patchstack has issued a mitigation rule to block attacks targeting this vulnerability until an official fix is available.

Added: Jan 22, 2026, 8:20 PM

Updated: Jan 22, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.6

remediation

7.9

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

5.4

exploitability

7.6

remediation

7.9

relevance

2.3

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

VibeThemes WPLMS Plugin Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

VibeThemes WPLMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating