Unrestricted File Upload Vulnerability in VibeThemes WPLMS
CVE-2024-56046

10CRITICAL

Key Information:

Vendor: WordPress
Status: WPlms
Vendor: CVE Published:; 31 December 2024

Summary

The unrestricted file upload vulnerability in VibeThemes WPLMS enables attackers to upload files of dangerous types, specifically allowing the upload of web shells to the server. This results in potential full control of the web server, leading to serious security ramifications. The issue affects versions from n/a through 1.9.9, making it crucial for users to promptly address and mitigate the risks associated.

Affected Version(s)

WPLMS <= 1.9.9

References

https://patchstack.com/database/wordpress/plugin/wplms-pl...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2024
Vulnerability Reserved
Dec 14, 2024

Credit

Rafie Muhammad (Patchstack)