WordPress Theme Security Update Advisory (CVE-2024-10470)

Nov 12 2024

Overview

An update has been released to address vulnerabilities in WordPress Theme. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-10470

LMS versions: ~ 4.962 (inclusive)

Resolved Vulnerabilities

Lack of file path validation and permission checking, which could allow unauthenticated attackers to read or delete arbitrary files (CVE-2024-10470)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-10470

LMS version: 4.963

Referenced Sites

[1] WPLMS Learning Management System for WordPress <= 4.962 – Unauthenticated Arbitrary File Read and Deletion

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/wplms/wplms-learning-management-system-for-wordpress-4962-unauthenticated-arbitrary-file-read-and-deletion

WordPress Theme Security Update Advisory (CVE-2024-10470)

Microsoft Edge browser (130.0.6723.116) version security update advisory

Citrix Product Security Update Advisory (CVE-2024-8534)

Tags:

Microsoft Edge browser (130.0.6723.116) version security update advisory

Citrix Product Security Update Advisory (CVE-2024-8534)