Authentication Bypass in VibeThemes WPLMS Affected
CVE-2024-56044

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WPlms
Vendor: CVE Published:; 31 December 2024

Summary

A vulnerability exists within the WPLMS product from VibeThemes, which allows an attacker to bypass authentication through an alternate path or channel. This weakness enables unauthorized users to gain access to functionalities that should be restricted. Affected versions range from the initial release up to 1.9.9, posing a significant risk to any installation that has not yet applied remedial measures. Administrators are strongly advised to review their current configurations and apply necessary updates to mitigate potential exposure to this issue.

Affected Version(s)

WPLMS <= 1.9.9

References

https://patchstack.com/database/wordpress/plugin/wplms-pl...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Rafie Muhammad (Patchstack)