Critical flaw reported in WPLMS Learning Management System for WordPress
Take action: If you are running the WPLMS Learning Management System theme for WordPress, patch IMMEDIATELY. It is critically vulnerable and exposes your WordPress site even when the theme is disabled. If you can't update, remove the theme entirely.
A critical security vulnerability has been discovered in the WPLMS Learning Management System (LMS) theme for WordPress, exposing educational websites and learning management systems:
- CVE-2024-10470 (CVSS score 9.8) is a path traversal vulnerability enabling Remote Code Execution (RCE) and arbitrary file manipulation. It allows unauthorized reading and deletion of arbitrary files on the server, and no authentication is needed to exploit it. The vulnerability stems from inadequate file path validation in the theme's file handling functions. Attackers can exploit this flaw by sending crafted HTTP POST requests with the "download_export_zip" parameter, enabling them to manipulate server files without authentication.
The vulnerability was discovered by security researcher Friderika Baranyai (Foxyyy), and proof-of-concept exploit code has been documented by GitHub user RandomRobbieBF.
The vulnerability is particularly concerning because it remains exploitable even when the theme is inactive, and it allows attackers to target critical WordPress files including wp-config.php and .htaccess.
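As an added illustration of the kind of request filtering the advisory describes (not code from the advisory or from the WPLMS project), the following heuristic WAF-style check flags requests that carry the "download_export_zip" parameter with a traversal-like value or one naming the sensitive files listed above. The sample requests are constructed; the endpoint path and any parameter semantics beyond its name are assumptions, since the advisory does not give them.

```python
"""Heuristic WAF-style check for requests matching the CVE-2024-10470 pattern.

Constructed example; the endpoint and the parameter's legitimate use are
assumptions, only the parameter name and target files come from the advisory.
"""
from urllib.parse import parse_qs, unquote

SUSPECT_PARAM = "download_export_zip"              # parameter named in the advisory
SENSITIVE_FILES = {"wp-config.php", ".htaccess"}   # files the advisory names as targets


def is_suspicious_path(value: str) -> bool:
    """True if a parameter value looks like a traversal or names a sensitive file."""
    # parse_qs already percent-decoded once; decode again to catch double encoding
    v = unquote(value).replace("\\", "/")
    segments = v.split("/")
    if ".." in segments or v.startswith("/") or "\x00" in v:
        return True
    return segments[-1].lower() in SENSITIVE_FILES


def classify(query: str, body: str) -> str:
    """Return 'block', 'log' or 'allow' for one request (raw query string and body).

    The advisory describes POST requests, but the check is method-agnostic
    because the parameter could equally arrive in the query string.
    """
    params = parse_qs(query, keep_blank_values=True)
    for key, vals in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(vals)
    if SUSPECT_PARAM not in params:
        return "allow"
    if any(is_suspicious_path(v) for v in params[SUSPECT_PARAM]):
        return "block"
    # Parameter present with a benign-looking value: still worth logging, since
    # the advisory says the handler is reachable even with the theme inactive.
    return "log"


# Constructed sample requests (query string, POST body); not captured traffic.
SAMPLE_REQUESTS = [
    ("", "download_export_zip=../../wp-config.php"),
    ("", "download_export_zip=%252e%252e%252f.htaccess"),   # double-encoded "../"
    ("", "download_export_zip=course-42.zip"),
    ("page=1", ""),
]


def run_samples():
    """Classify every constructed sample; returns the verdicts in order."""
    return [classify(query, body) for query, body in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, run_samples()):
        print(verdict, req)
```

A rule like this only reduces exposure while the upgrade is pending; the fix is moving to the patched theme version.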
Affected versions: all WPLMS versions up to and including 4.962
Fixed version: WPLMS Learning Management System 4.963
Users are advised to immediately upgrade to WPLMS version 4.963 or later. If an immediate upgrade is not possible, deactivate and remove the WPLMS theme, deploy a Web Application Firewall (WAF) to filter malicious requests, and maintain regular backups.