Arbitrary File Upload Vulnerability in WPLMS by VibeThemes

CVE-2024-56050

What is CVE-2024-56050?

The WPLMS product by VibeThemes is susceptible to a significant vulnerability that permits unauthorized users to upload potentially harmful files. This loophole enables an attacker to integrate a web shell into the server, which can be utilized for executing arbitrary commands and manipulating the server environment. Specifically, it impacts versions of WPLMS prior to 1.9.9.5.3, thereby creating a critical security risk for users who haven't updated their installations. Users are urged to review their system's security measures and apply necessary updates to protect against exploitation.

References