CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-56044

CVSS 9.8v3.1pub. 2024-12-31upd. 2026-04-23

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel) involves the WPLMS plugin's authentication mechanism being bypassed through an alternative access path or channel. According to reference information, the flaw allows an unauthenticated attacker to generate tokens for any user in the system without possessing their login credentials. The attack is possible remotely, without user interaction, and requires no privileges.

Impact

An attacker can gain unauthorized access to user accounts on the e-learning platform, including potentially administrator accounts, which could lead to complete takeover of the WordPress site and compromise of data confidentiality, integrity, and availability.

Mitigation & patch

The WPLMS plugin must be immediately updated to a version higher than 1.9.9. Detailed information about available patches can be found in the manufacturer's references and in the Patchstack database.

Who is affected

WPLMS plugin (wplms_plugin) by VibeThemes for WordPress in versions from n/a to 1.9.9 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Vibethemes WordPress Learning Management System

    APP
    Vibethemes
    < 1.9.9.1
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-56046CRITICAL10.0PL ✓ten sam produkt

Niekontrolowane przesyłanie plików w pluginie WPLMS — upload Web Shell

CVE-2024-56042CRITICAL9.3PL ✓ten sam produkt

SQL Injection w pluginie WPLMS dla WordPress (VibeThemes)

CVE-2024-56043CRITICAL9.8PL ✓ten sam produkt

WPLMS Plugin – nieuwierzytelniona eskalacja uprawnień (privilege escalation)

CVE-2024-56045CRITICAL9.3PL ✓ten sam produkt

Path Traversal w WPLMS — nieautoryzowane usuwanie katalogów

CVE-2024-56050CRITICAL9.9PL ✓ten sam produkt

Nieograniczony upload plików w WPLMS — możliwość wgrania Web Shell