CVE-2024-56054

9.1 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPLMS plugin. It affects all WordPress installations with vulnerable versions of the WPLMS plugin, potentially giving attackers full control over affected websites.

💻 Affected Systems

Products:
  • WordPress WPLMS Plugin
Versions: All versions before 1.9.9.5.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the WPLMS plugin to be installed and active on WordPress.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the WordPress site, data theft, defacement, and use as a pivot point for attacking other systems.

🟠 Likely Case

Attackers upload web shells to gain persistent access, install malware, or steal sensitive data from the site.

🟢 If Mitigated

If proper file upload restrictions and web application firewalls are in place, exploitation attempts would be blocked.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires instructor-level access in WPLMS, making it authenticated but not requiring admin privileges.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.9.5.2

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-instructor-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WPLMS and click 'Update Now' if available.
4. Alternatively, download version 1.9.9.5.2 from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable File Uploads for Instructors (applies to: all)

Temporarily restrict file upload capabilities for instructor roles in WPLMS settings.

Web Application Firewall Rule (applies to: all)

Block uploads of executable file types (.php, .asp, .jsp, etc.) at the WAF level.

🧯 If You Can't Patch

  • Disable the WPLMS plugin entirely until patching is possible.
  • Implement strict file upload validation at the server level using .htaccess or nginx rules.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WPLMS version. If version is below 1.9.9.5.2, the site is vulnerable.

Check Version:

wp plugin list --name=wplms --field=version

Verify Fix Applied:

After updating, confirm WPLMS version shows as 1.9.9.5.2 or higher in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to WPLMS directories, especially .php files from instructor accounts.
  • Web server logs showing POST requests to upload endpoints with suspicious file extensions.

Network Indicators:

  • HTTP POST requests to /wp-content/uploads/wplms/ or similar paths with executable file uploads.

SIEM Query:

source="web_server" AND method="POST" AND uri="/wp-content/uploads/wplms/*" AND (extension=".php" OR extension=".asp" OR extension=".jsp")
