Premium WPLMS WordPress-Plugins beheben sieben kritische Schwachstellen

Teilen:

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical severity vulnerabilities.

The bugs could enable a remote, unauthenticated attacker to upload arbitrary files to the server, execute code, escalate privileges to administrator level, and perform SQL injections.

The WPLMS theme is a learning management system (LMS) for WordPress, used primarily by educational institutions, corporations providing training, and e-learning providers. It also offers integration with WooCommerce for selling courses.

Vulnerabilities in WPLMS theme

Patchstack vulnerability researchers found a total of 18 security issues in the WPLMS and VibeBP plugins and present in a recent report 10 of the most significant ones.

Here’s a summary of the flaws impacting the WPLMS theme:

  1. CVE-2024-56046 (CVSS 10.0): Allows attackers to upload malicious files without authentication, potentially leading to remote code execution (RCE).
  2. CVE-2024-56050 (CVSS 9.9): Authenticated users with subscriber privileges can upload files, bypassing restrictions.
  3. CVE-2024-56052 (CVSS 9.9): Similar to Subscriber+ but exploitable by users with student roles.
  4. CVE-2024-56043 (CVSS 9.8): Attackers can register as any role, including Administrator, without authentication.
  5. CVE-2024-56048 (CVSS 8.8): Low-privilege users can escalate to higher roles, such as Administrator, by exploiting weak role validation.
  6. CVE-2024-56042 (CVSS 9.3): Attackers can inject malicious SQL queries to extract sensitive data or compromise the database.
  7. CVE-2024-56047 (CVSS 8.5): Low-privilege users can execute SQL queries, potentially compromising data integrity or confidentiality.

And for VibeBP:

  1. CVE-2024-56040 (CVSS 9.8): Attackers can register as privileged users without authentication.
  2. CVE-2024-56039 (CVSS 9.3): SQL queries can be injected by unauthenticated users, exploiting poorly sanitized inputs.
  3. CVE-2024-56041 (CVSS 8.5): Authenticated users with minimal privileges can perform SQL injection to compromise or extract database information.

Users of WPLMS should upgrade to version 1.9.9.5.3 and newer, while VibeBP should be upgraded to 1.9.9.7.7 or later.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
4:14 am, Juli 14, 2025
Wetter-Symbol 19°C
L: 17° | H: 20°
light rain
Luftfeuchtigkeit: 75 %
Druck: 1011 mb
Wind: 7 mph SSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0.11 mm
Wolken: 100%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:59 am
Sonnenuntergang: 9:12 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
17° | 20°°C 0 mm 0% 18 mph 76 % 1015 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
15° | 20°°C 1 mm 100% 15 mph 78 % 1016 mb 0 mm/h
Mi. Juli 16 10:00 pm
Wetter-Symbol
14° | 27°°C 0.2 mm 20% 14 mph 73 % 1017 mb 0 mm/h
Do. Juli 17 10:00 pm
Wetter-Symbol
18° | 26°°C 1 mm 100% 8 mph 80 % 1017 mb 0 mm/h
Fr. Juli 18 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 12 mph 79 % 1015 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
17° | 18°°C 0 mm 0% 9 mph 76 % 1011 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
20° | 20°°C 0 mm 0% 11 mph 59 % 1012 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
23° | 23°°C 0 mm 0% 15 mph 39 % 1013 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
25° | 25°°C 0 mm 0% 18 mph 28 % 1013 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 15 mph 30 % 1013 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
19° | 19°°C 0 mm 0% 9 mph 45 % 1015 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
16° | 16°°C 0 mm 0% 8 mph 61 % 1016 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
15° | 15°°C 0 mm 0% 8 mph 72 % 1016 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€102,564.53
1.89%
Ethereum(ETH)
€2,571.81
1.86%
XRP(XRP)
€2.49
5.11%
Fesseln(USDT)
€0.86
0.00%
Solana(SOL)
€141.35
2.48%
USDC(USDC)
€0.86
0.00%
Dogecoin(DOGE)
€0.172665
2.02%
Shiba Inu(SHIB)
€0.000012
2.61%
Pepe(PEPE)
€0.000011
2.96%
Peanut das Eichhörnchen(PNUT)
€0.244556
5.81%
Nach oben scrollen