A high-severity vulnerability, CVE-2015-10139, was detected in the WPLMS theme for WordPress, versions 1.5.2 to 1.8.4.1. It allows authenticated attackers to escalate privileges by exploiting the unprotected wp_ajax_import_data AJAX action, enabling them to modify restricted settings and potentially create a new administrator account. To address this issue, users should upgrade the WPLMS theme to version 1.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2015-10139.
WordPress: Privilege Escalation via Unprotected AJAX Action in WPLMS Theme Plugin
by the Hossted team
21.07.2025
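To check whether an installation falls inside the affected range above, the following added example (not code from the advisory or from the WPLMS project) reads each theme's style.css header and compares its version against 1.5.2 to 1.8.4.1. It assumes the theme's header carries "WPLMS" in its Theme Name field; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

# Inclusive affected range from the advisory; 1.9 and later are fixed.
FIRST_AFFECTED, LAST_AFFECTED = "1.5.2", "1.8.4.1"
# WordPress reads theme metadata from "Key: value" lines in the style.css comment header.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Theme Name|Version):(.*)$", re.I | re.M)
# Constructed sample header; the "WPLMS" Theme Name value is an assumption.
SAMPLE_STYLE_CSS = "/*\nTheme Name: WPLMS\nVersion: 1.8.4.1\n*/\n"


def parse_version(text):
    """'1.8.4.1' -> (1, 8, 4, 1); trailing zeros dropped so 1.9.0 == 1.9."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(version_text):
    """True when the version lies inside the advisory's inclusive range."""
    v = parse_version(version_text)
    return parse_version(FIRST_AFFECTED) <= v <= parse_version(LAST_AFFECTED)


def check_style_css(css_text):
    """Return (theme name, version, verdict) for one style.css header."""
    # Only the first 8 KiB is inspected; reversed() makes the first match win.
    found = reversed(HEADER_RE.findall(css_text[:8192]))
    fields = {k.lower(): v.strip() for k, v in found}
    name, version = fields.get("theme name", ""), fields.get("version", "")
    if "wplms" not in name.lower():
        return name, version, "not-wplms"
    try:
        return name, version, "affected" if is_affected(version) else "not-affected"
    except ValueError:
        return name, version, "unknown-version"  # empty or non-numeric, e.g. '1.9-beta'


def scan(wp_root):
    """Check every theme under <wp_root>/wp-content/themes."""
    themes = Path(wp_root) / "wp-content" / "themes"
    return {p.parent.name: check_style_css(p.read_text(errors="replace"))
            for p in sorted(themes.glob("*/style.css"))}


if __name__ == "__main__":
    for folder, result in scan(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(folder, *result)
```

Run it with the WordPress root directory as the only argument; a verdict of unknown-version means the header has to be inspected by hand.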