CVE-2024-56050

9.9 CRITICAL

📋 TL;DR

An authenticated user with only Subscriber privileges can upload arbitrary files, including PHP web shells, to WordPress sites running a vulnerable version of the WPLMS plugin. Subscriber is the lowest default WordPress role, so on sites with open user registration effectively anyone can exploit this. A successful upload gives the attacker code execution as the web server user and, from there, full control of the affected server. All WordPress installations running a vulnerable WPLMS plugin version are affected.

💻 Affected Systems

Products:
  • VibeThemes WPLMS WordPress Plugin
Versions: All versions before 1.9.9.5.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with WPLMS plugin active.

📦 What is this software?

WPLMS (WordPress Learning Management System) is a commercial LMS product for WordPress from VibeThemes, consisting of a theme and companion plugins used to build and sell online courses. The "WPLMS Plugin" companion plugin is the component covered by this CVE.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise leading to data theft, ransomware deployment, or use as part of a botnet.

🟠 Likely Case: Web shell upload leading to website defacement, data exfiltration, or cryptocurrency mining.

🟢 If Mitigated: File uploads blocked or sanitized, preventing malicious file execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an account with Subscriber-level access, the lowest default WordPress role; on sites that allow open registration (Settings > General > "Anyone can register"), any visitor can obtain one. A public proof-of-concept is available via Patchstack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.9.5.3

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-3-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WPLMS plugin.
4. Click 'Update Now' if an update is available.
5. If no update is offered, obtain version 1.9.9.5.3 (or later) from the vendor, VibeThemes, and update manually. WPLMS is a commercial plugin distributed by the vendor, not through the WordPress.org plugin directory, so it will not be found there.

🔧 Temporary Workarounds

Disable WPLMS Plugin (platform: all)

Temporarily deactivate the vulnerable plugin until it is patched. This takes the LMS functionality offline for the duration. The slug below is assumed to be wplms; confirm the actual slug with wp plugin list before running it.

wp plugin deactivate wplms

Restrict File Uploads (platform: linux)

Configure the web server so that files in the upload directories are never executed as PHP, even if an attacker manages to place a web shell there.

Add 'Options -ExecCGI' and 'RemoveHandler .php .php3 .php4 .php5 .php7 .phtml' to an .htaccess file in the upload directories. Caveats: this applies only to Apache, and only where AllowOverride permits Options and FileInfo for that directory (otherwise Apache answers 500 for everything under it). RemoveHandler undoes AddHandler-style mappings as used by mod_php; on PHP-FPM setups, where the PHP handler is normally set by a <FilesMatch> SetHandler block in the server configuration that is merged after .htaccess, it has no effect, so there prefer an access-control rule that denies requests for PHP-like files in the uploads directory outright. nginx ignores .htaccess entirely and needs an equivalent location rule that denies .php under wp-content/uploads.
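As an added example (not part of the advisory or the vendor's code), the following POSIX shell script writes an uploads-directory .htaccess that denies access to PHP-like files regardless of whether PHP runs as mod_php or PHP-FPM, keeps the advisory's RemoveHandler line as a secondary measure, and provides a check that the rule is in place. The uploads path is an assumption; point UPLOADS_DIR at the site's real wp-content/uploads.

```shell
#!/usr/bin/env sh
# Added example, not from the advisory: harden the WordPress uploads directory
# against execution of dropped web shells on Apache 2.4.
#
# Why not just RemoveHandler? That only undoes AddHandler-style mappings
# (mod_php). On PHP-FPM installs the handler is usually set by a <FilesMatch>
# SetHandler block in the server config, which is merged after .htaccess and
# wins. Denying access to PHP-like files works in both cases, because
# authorization runs before any handler is chosen.
#
# Prerequisites: AllowOverride must permit AuthConfig (for Require) and, if
# the Options/RemoveHandler lines are kept, Options and FileInfo. Otherwise
# Apache returns 500 for the whole directory. nginx ignores .htaccess.

UPLOADS_DIR="${UPLOADS_DIR:-/var/www/html/wp-content/uploads}"   # assumed path

# htaccess_rules: emit the rules on stdout so they can be reviewed before use.
htaccess_rules() {
    cat <<'EOF'
# Deny direct access to PHP-like files. The trailing (\.|$) also catches
# Apache's multiple-extension case (shell.php.jpg), which mod_php would run.
<FilesMatch "\.(php[0-9]?|phtml|phar)(\.|$)">
    Require all denied
</FilesMatch>
# Belt and braces for mod_php; harmless on PHP-FPM.
Options -ExecCGI
RemoveHandler .php .php3 .php4 .php5 .php7 .php8 .phtml .phar
EOF
}

# harden_uploads DIR: install the rules as DIR/.htaccess, backing up any
# existing file first (WordPress itself does not normally ship one there).
harden_uploads() {
    dir="$1"
    [ -d "$dir" ] || { echo "harden_uploads: no such directory: $dir" >&2; return 1; }
    if [ -f "$dir/.htaccess" ]; then
        cp "$dir/.htaccess" "$dir/.htaccess.bak.$(date +%s)"
    fi
    htaccess_rules > "$dir/.htaccess"
    chmod 0644 "$dir/.htaccess"
}

# uploads_hardened DIR: succeeds if DIR/.htaccess already carries the deny rule.
uploads_hardened() {
    grep -q 'Require all denied' "$1/.htaccess" 2>/dev/null
}

# Usage on the server (after confirming AllowOverride for that directory):
#   uploads_hardened "$UPLOADS_DIR" || harden_uploads "$UPLOADS_DIR"
```

After installing the file, confirm the behaviour from outside: a request for a test file such as wp-content/uploads/test.php should return 403, not a PHP response, and an image in the same directory should still load.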

🧯 If You Can't Patch

  • Implement strict file upload validation at application level
  • Deploy web application firewall with file upload protection rules

🔍 How to Verify

Check if Vulnerable:

Check WPLMS plugin version in WordPress admin panel under Plugins > Installed Plugins.

Check Version:

wp plugin get wplms --field=version

Verify Fix Applied:

Confirm WPLMS plugin version is 1.9.9.5.3 or higher.
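As an added example (not part of the advisory), the following POSIX shell snippet compares an installed WPLMS version against the fixed release 1.9.9.5.3 and wraps the WP-CLI lookup above. Five-component versions such as 1.9.9.5.2 cannot be compared as plain strings or numbers, so it relies on sort -V (GNU coreutils and busybox), which orders dotted versions component by component. The plugin slug wplms is an assumption carried over from the page; check it with wp plugin list.

```shell
#!/usr/bin/env sh
# Added example, not from the advisory: is the installed WPLMS plugin below
# the fixed version? Plain string comparison gets "1.9.9.5.10" < "1.9.9.5.3"
# wrong, so use sort -V, which compares dotted versions numerically.

FIXED_VERSION="1.9.9.5.3"

# version_lt A B: exit 0 if version A is strictly lower than version B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# wplms_status VERSION: print VULNERABLE or PATCHED for a given plugin version.
wplms_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "VULNERABLE"
    else
        echo "PATCHED"
    fi
}

# wplms_check_live [SLUG]: read the version through WP-CLI and classify it.
# SLUG defaults to "wplms" (assumed); run `wp plugin list` to confirm it.
wplms_check_live() {
    v=$(wp plugin get "${1:-wplms}" --field=version 2>/dev/null) || {
        echo "could not read plugin version (WP-CLI missing or wrong slug?)" >&2
        return 2
    }
    echo "$v: $(wplms_status "$v")"
}

# Usage on the server, from the WordPress root:
#   wplms_check_live
```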

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to wp-content/uploads/wplms/
  • POST requests to upload endpoints with suspicious file extensions

Network Indicators:

  • HTTP requests uploading .php, .phtml, or other executable files to WPLMS endpoints

SIEM Query:

source="web_logs" AND (uri_path="/wp-content/plugins/wplms/*upload*" OR uri_path="/wp-admin/admin-ajax.php") AND (file_extension="php" OR file_extension="phtml" OR file_extension="php5")

Note: the file_extension field assumes a log source that records the uploaded filename, such as a WAF or application-level log. A plain web server access log shows only the POST to admin-ajax.php, not the name of the file inside the multipart body, so this query returns nothing there. In access logs, look instead for the follow-up activity: requests to PHP-like files under wp-content/uploads/ that the server answered with 200, and files with executable extensions appearing in the uploads tree.
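As an added example (not part of the advisory), the following POSIX shell script implements the two access-log-level checks that do work: finding requests to PHP-like files under wp-content/uploads/ that succeeded, and listing recently modified PHP-like files in the uploads tree on the server itself. The log lines are constructed for the example, in Apache/nginx combined format, and are not real traffic; the wplms/ subdirectory follows the page's own indicator.

```shell
#!/usr/bin/env sh
# Added example, not from the advisory: web-shell detection with nothing more
# than the web server access log and the filesystem. The upload itself is a
# POST to admin-ajax.php whose filename lives in the multipart body and never
# reaches the access log; what does show up is the attacker coming back to
# use the shell.

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG='203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:01:09 +0000] "GET /wp-content/uploads/2025/01/cmd.php?c=id HTTP/1.1" 200 342 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2025:10:02:00 +0000] "GET /wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 48213 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:10:03:11 +0000] "POST /wp-content/uploads/wplms/sh.phtml HTTP/1.1" 200 12 "-" "curl/8.0"
192.0.2.9 - - [10/Jan/2025:10:04:00 +0000] "GET /wp-content/uploads/2025/01/old.php HTTP/1.1" 404 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jan/2025:10:05:00 +0000] "GET /wp-content/plugins/wplms/assets/app.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"'

# shell_hits: read access-log lines on stdin, print those that requested a
# PHP-like file under uploads and got a 2xx back. Combined-format fields:
# $6 = "METHOD, $7 = path, $9 = status. Extension check also catches the
# multiple-extension form (cmd.php.jpg) that mod_php executes.
shell_hits() {
    awk '{
        path = $7; sub(/\?.*/, "", path)      # drop the query string
        if (path ~ /^\/wp-content\/uploads\// &&
            path ~ /\.(php[0-9]?|phtml|phar)(\.[A-Za-z0-9]+)?$/ &&
            $9 ~ /^2/) print
    }'
}

# shell_hit_count: number of suspicious lines in the constructed sample.
shell_hit_count() {
    printf '%s\n' "$SAMPLE_LOG" | shell_hits | wc -l | tr -d ' '
}

# recent_php_in_uploads DIR [DAYS]: PHP-like files under DIR modified in the
# last DAYS days (default 7). Run on the server against wp-content/uploads;
# legitimate uploads should never include such files.
recent_php_in_uploads() {
    find "$1" -type f -mtime "-${2:-7}" \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
           -o -iname '*.phar' -o -iname '*.php.*' \) 2>/dev/null
}

# Usage on the server:
#   shell_hits < /var/log/apache2/access.log
#   recent_php_in_uploads /var/www/html/wp-content/uploads 30
```

In the sample, the cmd.php?c=id and sh.phtml requests are flagged; the 404 for old.php, the image, the admin-ajax.php POST and the plugin's own JavaScript are not. Any hit from shell_hits or any file from recent_php_in_uploads is grounds to treat the host as compromised rather than merely vulnerable.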
