FlagThis

A critical vulnerability, CVE-2024-10470, has been discovered in the WPLMS WordPress theme, putting thousands of LMS-driven websites at risk of Remote Code Execution (RCE) attacks. This vulnerability arises from a path traversal flaw, allowing attackers to read and delete arbitrary files on the server, even without authentication. The vulnerability affects all versions of WPLMS up to 4.962, and attackers could exploit it by sending crafted HTTP POST requests to delete essential files like wp-config.php, potentially leading to complete system compromise. Administrators using the WPLMS theme are advised to take immediate action to secure their WordPress environments. This includes deactivating and removing the WPLMS theme, strengthening access controls, implementing file integrity monitoring, taking regular backups, deploying a Web Application Firewall (WAF), and staying updated with the latest WPLMS patches. These steps are crucial for mitigating the risk of unauthorized access and safeguarding critical site functions.

References:

• Over Security - This article reports on the critical command injection vulnerability found in Cisco's URWB devices, which could allow attackers to gain root privileges. - 14d
• Firewall Daily - This article covers the critical command injection vulnerability that impacts Cisco’s Ultra-Reliable Wireless Backhaul devices. - 14d
• Over Security - CISA Finds Palo Alto Networks’ CVE-2024-5910 Exploited in the Wild - 13d
• security.paloaltonetworks.com - Palo Alto Networks CVE-2024-5910 - 13d
• Over Security - Cyble blog post about WPLMS vulnerability - 10d
• nvd.nist.gov - CVE details for WPLMS vulnerability - 10d
• Firewall Daily - The Cyber Express article on WPLMS WordPress theme vulnerability - 10d

Classification:

• HashTags: WordPress Vulnerability RCE
• Company: WPLMS
• Target: WPLMS Websites
• Feature: File Handling
• Type: Vulnerability
• Severity: Major