A critical path traversal vulnerability has been discovered in the WPLMS WordPress theme that could lead to remote code execution (RCE), posing a serious risk to websites. The flaw, CVE-2024-10470, allows an attacker to read or delete arbitrary files on the server.
The vulnerability in WPLMS, a learning management system (LMS) theme for WordPress, was discovered by researcher Frederic Baranyai (Foxyyyy). It stems from insufficient validation of file paths in the functions that handle reading and deleting files. This allows an attacker to bypass restrictions and delete critical files such as wp-config.php without authentication. Even if the theme is inactive, the site remains vulnerable if the WPLMS version is less than 4.963.
GitHub user RandomRobbieBF has demonstrated that the flaw can be easily exploited to delete or read critical files, including .htaccess, using HTTP POST requests with the ‘download_export_zip’ option. Below is a list of active exploit examples. Despite the absence of cases of active exploitation, the potential risk remains high.
WPLMS theme users should immediately update to version 4.963!!!
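Because an inactive copy of the theme is still exposed, an audit has to look at every installed theme directory rather than only the active one. The following is an added example, not code from the researcher or the WPLMS project: it reads the standard WordPress `style.css` header of each installed theme and flags copies below 4.963. It assumes the theme's header reads `Theme Name: WPLMS`; the directory names and headers in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 963)  # first fixed WPLMS release, per the article

def header_field(css_text, key):
    """Read one field from a WordPress style.css header comment."""
    m = re.search(r"^[ \t/*#@]*" + re.escape(key) + r":(.*)$", css_text, re.I | re.M)
    return m.group(1).strip() if m else None

def version_tuple(version):
    return tuple(int(part) for part in re.findall(r"\d+", version or ""))

def audit_themes(wp_root):
    """Return (directory, version, vulnerable) for each installed WPLMS copy."""
    findings = []
    for css in sorted(Path(wp_root, "wp-content", "themes").glob("*/style.css")):
        text = css.read_text(errors="replace")[:8192]  # header sits at the top
        name = header_field(text, "Theme Name") or ""
        # Assumption: the theme identifies itself as "WPLMS" in its header.
        if "wplms" not in name.lower():
            continue
        # Child themes declare "Template:" and carry their own version number.
        if header_field(text, "Template"):
            continue
        version = header_field(text, "Version")
        # Inactive copies count too; a missing version is flagged for review.
        findings.append((css.parent.name, version, version_tuple(version) < FIXED))
    return findings

def demo():
    """Build a constructed WordPress tree and audit it."""
    themes = {  # constructed sample headers, not taken from a real site
        "wplms": "/*\nTheme Name: WPLMS\nVersion: 4.962\n*/",
        "wplms-staging": "/*\r\n Theme Name: WPLMS\r\n Version: 4.963\r\n*/",
        "wplms-child": "/*\nTheme Name: WPLMS Child\nTemplate: wplms\nVersion: 1.0\n*/",
        "twentytwentyfour": "/*\nTheme Name: Twenty Twenty-Four\nVersion: 1.2\n*/",
    }
    with tempfile.TemporaryDirectory() as root:
        for directory, header in themes.items():
            path = Path(root, "wp-content", "themes", directory)
            path.mkdir(parents=True)
            (path / "style.css").write_bytes(header.encode())
        return audit_themes(root)

if __name__ == "__main__":
    for directory, version, vulnerable in demo():
        print(directory, version, "VULNERABLE" if vulnerable else "ok")
```

On a real host, call `audit_themes()` with the WordPress document root; any directory reported as vulnerable should be updated or removed even if the theme is not active.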