Arbitrary File Upload Vulnerability in WPLMS by VibeThemes
CVE-2024-56057

Currently unrated

Key Information:

Vendor

VibeThemes

Status
WPLMS
Vendor
CVE Published:
18 December 2024

What is CVE-2024-56057?

A security vulnerability in VibeThemes' WPLMS plugin allows for unrestricted file uploads, potentially enabling attackers to upload malicious web shells onto a web server. This issue affects all versions of WPLMS prior to 1.9.9.5.2, posing a significant risk for users who have not applied the latest updates. Implementing strict file validation and limiting upload capabilities are essential measures to mitigate this risk.

References

https://patchstack.com/database/wordpress/plugin/wplms-pl...

Timeline

  • Vulnerability published

.