Authentication Bypass in VibeThemes WPLMS Affected
CVE-2024-56044

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WPlms
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-56044?

A vulnerability exists within the WPLMS product from VibeThemes, which allows an attacker to bypass authentication through an alternate path or channel. This weakness enables unauthorized users to gain access to functionalities that should be restricted. Affected versions range from the initial release up to 1.9.9, posing a significant risk to any installation that has not yet applied remedial measures. Administrators are strongly advised to review their current configurations and apply necessary updates to mitigate potential exposure to this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WPLMS <= 1.9.9

References

https://patchstack.com/database/wordpress/plugin/wplms-pl...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Rafie Muhammad (Patchstack)

JSON

WordPress

What is CVE-2024-56044?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.