CVE-2024-56052 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2024-56052?

CVE-2024-56052 has a CVSS score of 9.9 (CRITICAL). This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress sites running vulnerable versions of the WPLMS plugin. Attackers can achieve remote code execution and full server compromise. All WordPress installations with WPLMS versions before 1.9.9.5.2 are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files, including web shells, to WordPress sites running vulnerable versions of the WPLMS plugin. Attackers can achieve remote code execution and full server compromise. All WordPress installations with WPLMS versions before 1.9.9.5.2 are affected.

💻 Affected Systems

Products:

VibeThemes WPLMS WordPress Plugin

Versions: All versions before 1.9.9.5.2

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all WordPress installations with the vulnerable plugin version, regardless of theme or other plugin configurations.

📦 What is this software?

Wordpress Learning Management System by Vibethemes

View all CVEs affecting Wordpress Learning Management System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server takeover with data exfiltration, ransomware deployment, and persistent backdoor installation across the entire hosting environment.

🟠

Likely Case

Web shell upload leading to website defacement, credential theft, and lateral movement within the hosting infrastructure.

🟢

If Mitigated

File upload attempts blocked at web application firewall level with no successful exploitation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires no authentication and uses simple HTTP POST requests with file uploads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.9.5.2

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-student-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WPLMS plugin. 4. Click 'Update Now' if update available. 5. If no update appears, manually download version 1.9.9.5.2+ from WordPress repository. 6. Deactivate old plugin. 7. Upload new version via FTP or WordPress uploader. 8. Activate updated plugin.

🔧 Temporary Workarounds

Web Application Firewall Rule

all

Block file uploads to vulnerable WPLMS endpoints

# Example ModSecurity rule: SecRule REQUEST_URI "@rx /wp-content/plugins/wplms/.*upload" "id:1001,phase:2,deny,status:403,msg:'Block WPLMS file upload attempt'"

File System Permissions Restriction

linux

Remove write permissions from WPLMS upload directories

chmod -R 755 /var/www/html/wp-content/plugins/wplms/
chown -R www-data:www-data /var/www/html/wp-content/plugins/wplms/

🧯 If You Can't Patch

Immediately disable or remove the WPLMS plugin from all WordPress installations
Implement strict file upload filtering at the web server level (Apache/Nginx) to block PHP and executable file uploads

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → WPLMS version number. If version is below 1.9.9.5.2, system is vulnerable.

Check Version:

wp plugin list --name=wplms --field=version

Verify Fix Applied:

Confirm WPLMS plugin version is 1.9.9.5.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

HTTP POST requests to /wp-content/plugins/wplms/*upload* endpoints
File uploads with .php, .phtml, .phar extensions in WPLMS directories
Unusual file creation in wp-content/uploads/wplms/ directories

Network Indicators:

POST requests with multipart/form-data to WPLMS endpoints
Unusual outbound connections from web server following file uploads

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/wplms/" AND http_method="POST" AND content_type="multipart/form-data")

📊 Metadata

CVE ID: CVE-2024-56052

CVSS v3 Score: 9.9 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-434

Published: December 18, 2024

Last Updated: December 12, 2025

🔗 References

https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-student-arbitrary-file-upload-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56052, you might also want to check these: