CVE-2024-56044

9.8 CRITICAL

📋 TL;DR

CVE-2024-56044 is an authentication bypass in the VibeThemes WPLMS WordPress plugin: an unauthenticated attacker can make the plugin mint an authentication token for an arbitrary user, including an administrator, and use that token to take over the account without knowing any credentials. All WordPress sites running WPLMS versions up to and including 1.9.9 are affected.

💻 Affected Systems

Products:
  • VibeThemes WPLMS WordPress Plugin
Versions: All versions up to and including 1.9.9
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with WPLMS plugin installed and activated. No special configuration needed.

📦 What is this software?

WPLMS (WordPress Learning Management System) is a commercial LMS product from VibeThemes for building and selling online courses on WordPress. The plugin manages student and instructor accounts, registration and course enrollment, which is why a flaw in its token generation translates directly into account takeover.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site compromise: attackers gain administrative access, install backdoors, steal sensitive data, deface websites, or use the site for further attacks.

🟠

Likely Case

Account takeover leading to data theft, privilege escalation, and unauthorized content modification.

🟢

If Mitigated

Limited impact if the plugin is deactivated or the vulnerable WPLMS endpoints are blocked at a web application firewall. Network segmentation only helps for sites that are not publicly reachable, since the bug needs no prior authentication; monitoring shortens the time an attacker holds an administrator session rather than preventing the takeover.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending crafted HTTP requests to vulnerable endpoints. Public proof-of-concept code exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.0 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-arbitrary-user-token-generation-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WPLMS plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, download version 2.0 or later from the vendor (VibeThemes).
6. Deactivate the old plugin.
7. Upload and activate the new version.
8. Review the user list for administrator accounts you did not create and invalidate existing user sessions: tokens minted before the update may remain usable until the sessions behind them are destroyed.

🔧 Temporary Workarounds

Temporary Plugin Deactivation

all

Disable WPLMS plugin until patched version can be installed

wp plugin deactivate wplms

Web Application Firewall Rule

all

Block POST requests to the vulnerable WPLMS endpoints. Scope the rule to the PHP endpoints under /wp-content/plugins/wplms/ rather than the whole directory: a blanket deny also blocks the plugin's CSS and JavaScript and breaks course pages for legitimate users.

# WAF rule to block /wp-content/plugins/wplms/ endpoints

🧯 If You Can't Patch

  • Restrict network access to /wp-admin/ (and, where the site allows it, to the WPLMS plugin endpoints) to trusted addresses; the token is minted without touching wp-admin, so this limits what a minted session can do rather than preventing it
  • Enable comprehensive logging and monitoring for token generation and for administrator sessions that did not pass through wp-login.php

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WPLMS version. If version is 1.9.9 or lower, system is vulnerable.

Check Version:

wp plugin get wplms --field=version

Verify Fix Applied:

Verify that the WPLMS plugin version is 2.0 or higher in the WordPress admin panel, confirm that normal logins still work, and review the user list for administrator accounts you did not create.
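The version checks above are easy to get wrong with a plain string comparison (a string compare ranks "1.9.10" below "1.9.9"). The following is an added example, not part of this advisory or of VibeThemes' code: it classifies a version string against the range this page gives (affected up to 1.9.9, fixed from 2.0) using version-aware ordering, and wraps the page's WP-CLI command. It assumes `sort -V` is available and, for the site check only, that `wp` is on PATH and is run from the WordPress root.

```shell
#!/bin/sh
# Added example (not from the advisory or the vendor): classify a WPLMS
# version against the affected range on this page using version ordering,
# not lexical ordering. "1.9.10" must sort above "1.9.9".

AFFECTED_MAX="1.9.9"   # last affected version named on this page
FIXED_MIN="2.0"        # first fixed version named on this page

# version_le A B: exit 0 when A <= B in version order.
version_le() {
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# wplms_status VERSION: prints "vulnerable", "fixed" or "unknown".
# "unknown" covers versions above 1.9.9 but below 2.0, which this page does
# not classify; consult the vendor advisory for those.
wplms_status() {
    v=${1#v}   # tolerate a leading "v"
    if version_le "$v" "$AFFECTED_MAX"; then
        echo vulnerable
    elif version_le "$FIXED_MIN" "$v"; then
        echo fixed
    else
        echo unknown
    fi
}

# wplms_site_check: read the installed version with WP-CLI (assumed on PATH,
# run from the WordPress root) and report. Exit 1 when vulnerable, 2 when
# the plugin or wp-cli is not available.
wplms_site_check() {
    installed=$(wp plugin get wplms --field=version 2>/dev/null) || {
        echo "wplms plugin not found or wp-cli unavailable" >&2
        return 2
    }
    status=$(wplms_status "$installed")
    echo "WPLMS $installed: $status"
    [ "$status" != vulnerable ]
}

# Examples: wplms_status 1.9.9  -> vulnerable
#           wplms_status 1.9.10 -> unknown
#           wplms_status 2.0.1  -> fixed
```

Run `wplms_site_check` from the WordPress root after updating; a non-zero exit means the installed version is still in the affected range or could not be determined.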

📡 Detection & Monitoring

Log Indicators:

  • Authentication tokens or sessions created for accounts (especially administrators) without a matching password login
  • Administrator sessions that appear from a client with no preceding POST to wp-login.php (the bypass never touches the login form, so the usual failed-then-successful login pattern is absent)
  • Admin user login from unexpected IP addresses

Network Indicators:

  • HTTP POST requests to /wp-content/plugins/wplms/ endpoints with suspicious parameters
  • Unusual spikes in traffic to authentication-related endpoints

SIEM Query:

source="wordpress.log" "POST" "/wp-content/plugins/wplms/" (status=200 OR status=302)
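The indicators above can be checked offline against a web-server access log. This is an added example, not part of the advisory: it scans a combined-format access log for successful POSTs to the WPLMS plugin directory and for wp-admin access from clients that never POSTed to wp-login.php. The log lines are constructed for the example, and the `placeholder-endpoint.php` path in them is a placeholder, not a real WPLMS endpoint.

```shell
#!/bin/sh
# Added example (not from the advisory): scan an access log in combined
# format for the two indicators listed above. Sample lines are constructed;
# the WPLMS endpoint path is a placeholder, not a real endpoint name.

# write_sample_log: write a constructed access log and print its path.
write_sample_log() {
    f=${TMPDIR:-/tmp}/wplms_sample_access.log
    cat > "$f" <<'EOF'
203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-content/plugins/wplms/placeholder-endpoint.php HTTP/1.1" 200 512 "-" "curl/8.4.0"
203.0.113.7 - - [10/Jan/2025:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211 "-" "curl/8.4.0"
198.51.100.4 - - [10/Jan/2025:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:02:11 +0000] "GET /wp-admin/ HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:03:00 +0000] "GET /wp-content/plugins/wplms/assets/style.css HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:03:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
EOF
    echo "$f"
}

# scan_wplms_log FILE: print "<ip> <reason>" for each suspicious event.
#  1. A POST to a WPLMS plugin endpoint that returned 200 or 302.
#  2. wp-admin access from an IP with no earlier POST to wp-login.php in
#     this log. admin-ajax.php is excluded because anonymous front-end
#     code calls it routinely.
# Fields in combined format: $1 client IP, $6 "METHOD, $7 path, $9 status.
scan_wplms_log() {
    awk '
    {
        ip = $1; method = substr($6, 2); path = $7; status = $9
        if (method == "POST" && path == "/wp-login.php")
            login[ip] = 1
        if (method == "POST" && index(path, "/wp-content/plugins/wplms/") == 1 &&
            (status == 200 || status == 302))
            print ip, "successful POST to WPLMS plugin endpoint (" status ")"
        if (index(path, "/wp-admin/") == 1 && index(path, "admin-ajax.php") == 0 &&
            !login[ip] && !flagged[ip]) {
            flagged[ip] = 1
            print ip, "wp-admin access with no prior wp-login.php POST"
        }
    }' "$1"
}

# count_findings FILE: number of flagged lines, usable as an alert threshold.
count_findings() {
    scan_wplms_log "$1" | grep -c .
}
```

The second rule only proves absence of a login inside the log window, so run it over a window that starts before the sessions you care about; a client that authenticated yesterday and is still logged in will otherwise be flagged.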
