Platform
wordpress
Component
wplms-plugin
Fixed in
1.9.9.5
CVE-2024-56051 describes a Remote Code Execution (RCE) vulnerability within the WPLMS WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially leading to complete system compromise. The vulnerability affects versions of WPLMS prior to 1.9.9.5, and a patch has been released to address the issue.
The impact of this RCE vulnerability is severe. A successful exploit allows an attacker to execute arbitrary code on the server hosting the WordPress site. This could lead to data theft, website defacement, malware installation, or complete server takeover. Depending on the server configuration and privileges, the attacker could potentially gain access to other systems on the network, leading to lateral movement and a significant blast radius. The ability to inject code directly into a widely used WordPress plugin makes this a particularly concerning vulnerability.
CVE-2024-56051 was publicly disclosed on December 18, 2024. While no active exploitation campaigns have been definitively confirmed, the RCE nature of the vulnerability makes it a high-priority target. The availability of a patch suggests that researchers may have discovered the vulnerability prior to public disclosure. The vulnerability is not currently listed on the CISA KEV catalog.
Websites utilizing the WPLMS plugin, particularly those running older, unpatched versions (≤1.9.9.5), are at significant risk. Shared hosting environments where plugin updates are managed by the hosting provider are also vulnerable if they have not yet applied the patch. WordPress sites with limited security hardening measures are especially susceptible.
• wordpress / composer / npm: grep -r "vibeThemes" /var/www/html/wp-content/plugins/
• wordpress / composer / npm: wp plugin list | grep WPLMS
• wordpress / composer / npm: wp plugin update WPLMS --version=1.9.9.5
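Added example (not code from the advisory or from the plugin): a POSIX shell check that reads wp plugin list --format=csv output and reports whether the installed WPLMS version is below the fixed release 1.9.9.5. The CSV column layout and the sample rows are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the advisory: report whether the WPLMS version
# found in `wp plugin list --format=csv` output is below the fixed release.
# Column names (name, version) are located from the CSV header; the sample
# rows below are constructed for the demonstration.

FIXED_VERSION="1.9.9.5"

# version_lt A B: succeeds when dotted numeric version A is strictly older than B.
# Missing trailing components count as 0, so 1.9.9 sorts before 1.9.9.5.
version_lt() {
  [ "$1" = "$2" ] && return 1
  first=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n | head -n1)
  [ "$first" = "$1" ]
}

# wplms_status CSV: prints "vulnerable <ver>", "patched <ver>" or "absent".
wplms_status() {
  ver=$(printf '%s\n' "$1" | awk -F, '
    NR == 1 { for (i = 1; i <= NF; i++) { if ($i == "name") n = i; if ($i == "version") v = i }; next }
    tolower($n) == "wplms" { print $v; exit }')
  if [ -z "$ver" ]; then
    echo "absent"
  elif version_lt "$ver" "$FIXED_VERSION"; then
    echo "vulnerable $ver"
  else
    echo "patched $ver"
  fi
}

# Constructed sample of what `wp plugin list --format=csv` might emit.
SAMPLE_CSV='name,status,update,version
akismet,active,none,5.3.1
wplms,active,available,1.9.9.4'

wplms_status "$SAMPLE_CSV"   # prints: vulnerable 1.9.9.4
```

Run it against real output with: wplms_status "$(wp plugin list --format=csv)".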
Exploit status
EPSS
0.52% (67th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-56051 is to immediately upgrade the WPLMS plugin to version 1.9.9.5 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting file upload capabilities within the WPLMS plugin or implementing strict input validation on any user-supplied data processed by the plugin. Monitor WordPress access logs for suspicious activity, particularly attempts to execute unusual code. After upgrading, confirm the vulnerability is resolved by attempting a code injection payload (carefully, in a test environment) and verifying that it is blocked.
Update the WPLMS plugin to version 1.9.9.5 or higher. This update fixes the remote code execution vulnerability. You can update the plugin directly from the WordPress admin dashboard.
CVE-2024-56051 is a Remote Code Execution vulnerability affecting WPLMS WordPress plugin versions prior to 1.9.9.5, allowing attackers to execute arbitrary code.
You are affected if you are using WPLMS version 1.9.9.5 or earlier. Check your plugin version and upgrade immediately if necessary.
Upgrade the WPLMS plugin to version 1.9.9.5 or later. This resolves the code injection vulnerability.
While no active exploitation has been confirmed, the RCE nature of the vulnerability makes it a high-priority target. Continuous monitoring is recommended.
Refer to the WPLMS official website and WordPress plugin repository for the latest security advisories and updates related to CVE-2024-56051.