CVE-2024-10470

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 9, 2024
Updated: Nov 12, 2024
CWE ID 22

Summary

CVE-2024-10470 is a vulnerability affecting the WPLMS Learning Management System for WordPress and its WordPress LMS theme. The issue stems from insufficient file path validation and permissions checks in the readfile and unlink functions, which unauthenticated attackers can exploit to read or delete arbitrary files on the server. All versions up to 4.962 are affected. The risk is most serious when the deleted file is wp-config.php, because deleting that file enables remote code execution. The vulnerability applies even when the theme is not activated.
