Overview
- Description: The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-22
Social media
- Hype score: Not currently trending
CVE-2024-10470 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file re..https://t.co/LgULX16SoW #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Nov 2024
WordPress WPLMS Theme has a Critical Bug CVE-2024-10470 #WordPress #WPLMS #CVE-2024-10470 https://t.co/Cz6wEwSRuq
@pravin_karthik
14 Nov 2024
⚠️⚠️ CVE-2024-10470 (CVSS 9.8) in Popular WordPress plugin WPLMS 🎯1.3k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/rQ2qEbdqQZ FOFA Query:body="/wp-content/plugins/wplms_plugin/" 🔖Refer: https://t.co/11prGzVe8n #OSINT #FOFA… https
@fofabot
11 Nov 2024
🚨🚨CVE-2024-10470 (CVSS: 9.8) : WPLMS Learning Management System for WordPress Unauthenticated Arbitrary File Read and Deletion ZoomEye Dork👉app="WordPress WPLMS Plugin" 422 results are found on https://t.co/2EQoXN52Vx. ZoomEye Link: https://t.co/LWMwz57XFc Refer:… https://t
@zoomeye_team
11 Nov 2024
CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites https://t.co/dMDk0FBL5c
@Dinosn
9 Nov 2024
[CVE-2024-10470: CRITICAL] WordPress LMS theme WPLMS has a serious cyber security vulnerability allowing remote attackers to delete arbitrary files, opening the door to remote code execution. Update ASAP!#cybersecurity,#vulnerability https://t.co/06MNxmQfsv https://t.co/E1X4KUw6B
@CveFindCom
9 Nov 2024
CVE-2024-10470 The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path … https://t.co/NHeyjITghK
@CVEnew
9 Nov 2024
CVE-2024-10470 CVE-2024-10470 WPLMS Learning Management System for WordPress <= 4.962 – Unauthenticated Arbitrary File Read and Deletion Description The WPLMS Learning Management System for WordPress, WordPress LM... https://t.co/Sesof3SN1Q
@VulmonFeeds
9 Nov 2024