Path Traversal Vulnerability in VibeThemes WPLMS Plugin
CVE-2024-56045

9.3CRITICAL

Key Information:

Vendor: WordPress
Status: WPlms
Vendor: CVE Published:; 31 December 2024

What is CVE-2024-56045?

A vulnerability in the VibeThemes WPLMS Plugin allows attackers to perform a Path Traversal attack, enabling unauthorized access to sensitive files and directories within the web application. This issue affects all versions of the WPLMS Plugin before version 1.9.9.5, potentially compromising the integrity of the website and user data. It is crucial for site administrators to update their WPLMS Plugin to the latest version to safeguard against potential exploitation.

Affected Version(s)

WPLMS < 1.9.9.5

References

https://patchstack.com/database/wordpress/plugin/wplms-pl...

vdb-entry

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2024-56045?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit