CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-56043

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00054/1

CVE-2024-56043: Privilege Escalation vulnerability in VibeThemes WPLMS. This security flaw permits unauthorized users to gain elevated access levels within the WPLMS platform. The Incorrect Privilege Assignment weakness impacts WPLMS versions up to 1.9.9. Despite a CVSS score of 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a potential risk level. This means while the CVSS may not rate it highly, SOCRadar's analysis of threat intelligence suggests the vulnerability may warrant attention. Successful exploitation could lead to significant damage, enabling attackers to manipulate data, control system functions, or access sensitive information. Organizations using WPLMS should review their access controls and consider available patches or mitigations to address this vulnerability. While not critical according to the SVRS, continuous monitoring is advised due to the "In The Wild" tag, suggesting active exploitation attempts.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2024-12-31
LAST MODIFIED2024-12-31

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins
Rafie Muhammad2025-02-01
Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins | This blog post is about the WPLMS and VibeBP vulnerabilities. If you’re a WPLMS and VibeBP user, please update the plugin to at least version 1.9.9.5.3 and 1.9.9.7.7 respectively. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security […] The post Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins appeared
webarxsecurity.com
rss
forum
news
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
Ajit Jasrotia2025-01-06
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] | Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive […] The post ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
allhackernews.com
rss
forum
news
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] - The Hacker News
2025-01-06
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan] - The Hacker News | News Content: Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks cybercriminals are using to outsmart the systems we depend on. Stay with us as we unpack what's
google.com
rss
forum
news
WordPress Eklentilerinde Kritik Güvenlik Açıkları: WPLMS ve VibeBP
Görkem Hınçer2025-01-03
WordPress Eklentilerinde Kritik Güvenlik Açıkları: WPLMS ve VibeBP | Güvenlik araştırmacıları, WordPress’in popüler WPLMS ve VibeBP eklentilerinde bir dizi kritik güvenlik açığı tespit etti. Bu eklentiler, 28.000’den fazla satışa sahip olan WPLMS premium LMS teması için hayati önem taşıyor. Online kurslar oluşturmak, öğrencileri yönetmek ve eğitim içeriklerini satmak amacıyla kullanılan bu eklentilerdeki güvenlik açıkları, ciddi riskler oluşturdu. Kritik Güvenlik Açıkları Tespit Edildi Araştırmalara göre, bu açıklar arasında yetkisiz dosya yükleme, ayrıcalık yükseltme ve SQL enjeksiyon saldırıları bulunuyor. PatchStack tarafından tespit edilen en ciddi açıklar şu şekilde: Yetkisiz dosya yükleme: CVE-2024-56046 koduyla tanımlanan bu açık
siberguvenlik.web.tr
rss
forum
news
CVE-2024-56043 | WPLMS Theme Plugin on WordPress Role improper authentication
vuldb.com2024-12-24
CVE-2024-56043 | WPLMS Theme Plugin on WordPress Role improper authentication | A vulnerability, which was classified as critical, has been found in WPLMS Theme Plugin on WordPress. This issue affects some unknown processing of the component Role Handler. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-56043. The attack may be initiated remotely. There is no exploit available
vuldb.com
rss
forum
news

Social Media

CVE-2024-56043 Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9. https://t.co/NUZ6Nt5nsd
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CWE Details

CWE IDCWE NameDescription
CWE-266Incorrect Privilege AssignmentA product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence