WordPress Plugin Security Update Advisory
Overview
An update has been released to address vulnerabilities in WordPress VibeThemes WPLMS. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-56047, CVE-2024-56048, CVE-2024-56050, CVE-2024-56052
- VibeThemes WPLMS versions: ~ 1.9.9.5.3 (excluded)
- VibeThemes WPLMS versions: ~ 1.9.9 (inclusive)
- VibeThemes WPLMS versions: ~ 1.9.9.5.3 (excluded)
- VibeThemes WPLMS versions: ~ 1.9.9.5.2 (excluded)
Resolved Vulnerabilities
SQL Injection Vulnerability in VibeThemes WPLMS (CVE-2024-56047)
Improper Authorization Validation Vulnerability in VibeThemes WPLMS (CVE-2024-56048)
File Upload Vulnerability in VibeThemes WPLMS (CVE-2024-56050, CVE-2024-56052)
Vulnerability Patches
Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-56047, CVE-2024-56048, CVE-2024-56050, CVE-2024-56052
- VibeThemes WPLMS version: 1.9.9.5.3 or later version
- VibeThemes WPLMS version: 1.9.9.1 or later version
- VibeThemes WPLMS version: 1.9.9.5.3 or later version
- VibeThemes WPLMS version: 1.9.9.5.2 or later version
Referenced Sites
[1] CVE-2024-56047 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-56047
[2] CVE-2024-56087 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-56048
[3] CVE-2024-56050 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-56050
[4] CVE-2024-56052 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-56052
[5] Vibebp 1.9.9.7.7 & WPLMS Plugin 1.9.9.5.3
https://wplms.io/support/knowledge-base/vibebp-1-9-9-7-7-wplms-plugin-1-9-9-5-2/
[6] Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins