Path Traversal Vulnerability in VibeThemes WPLMS Plugin
CVE-2024-56045

9.3CRITICAL

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
31 December 2024

What is CVE-2024-56045?

A vulnerability in the VibeThemes WPLMS Plugin allows attackers to perform a Path Traversal attack, enabling unauthorized access to sensitive files and directories within the web application. This issue affects all versions of the WPLMS Plugin before version 1.9.9.5, potentially compromising the integrity of the website and user data. It is crucial for site administrators to update their WPLMS Plugin to the latest version to safeguard against potential exploitation.

Affected Version(s)

WPLMS < 1.9.9.5

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.
The Cyber Security Vulnerability Database.