CVE-2024-56057

9.9 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress sites using the WPLMS plugin. It affects all WordPress installations with vulnerable versions of the WPLMS plugin, potentially leading to complete server compromise.

💻 Affected Systems

Products:
  • WPLMS WordPress Plugin
Versions: All versions before 1.9.9.5.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress sites with WPLMS plugin installed and active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server takeover, data exfiltration, ransomware deployment, and persistent backdoor access.

🟠 Likely Case

Web shell upload leading to website defacement, data theft, and further lateral movement within the hosting environment.

🟢 If Mitigated

File upload attempts blocked by a web application firewall or by file type restrictions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated user access but is trivial once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.9.9.5.2

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-2-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the WPLMS plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.9.9.5.2 from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable WPLMS Plugin (platform: all)

Temporarily deactivate the vulnerable plugin until patching is possible:

wp plugin deactivate wplms

Restrict File Uploads via .htaccess (platform: linux)

Block execution of uploaded files in the uploads directory. Add the following to .htaccess in wp-content/uploads. This only takes effect on Apache with .htaccess overrides enabled for that directory; the Order/Deny directives are Apache 2.2 syntax, and on Apache 2.4 the equivalent is a single "Require all denied" line inside the FilesMatch block:

<FilesMatch "\.(php|php5|phtml|pl|py|jsp|asp|sh|cgi)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Implement strict file upload validation at web server level.
  • Deploy web application firewall with file upload protection rules.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for WPLMS version below 1.9.9.5.2.

Check Version:

wp plugin get wplms --field=version

Verify Fix Applied:

Confirm WPLMS plugin version is 1.9.9.5.2 or higher in WordPress admin.
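The version check above can be scripted so it runs across many sites. The following is an added example, not part of the advisory: it compares an installed version string against the fixed release 1.9.9.5.2 and, when wp-cli is available, queries a site using the same plugin slug ("wplms") the advisory's own commands use. The wp-cli --path option and the slug are assumptions about the deployment.

```shell
#!/bin/sh
# Added example (not from the advisory): is the installed WPLMS older than the fix?
FIXED_VERSION="1.9.9.5.2"

# Returns 0 (true) when $1 sorts strictly below the fixed version,
# 1 when it is the fixed version or newer, 2 when no version was given.
wplms_is_vulnerable() {
    v="$1"
    [ -n "$v" ] || return 2
    [ "$v" = "$FIXED_VERSION" ] && return 1
    # sort -V orders dotted version strings numerically; if the installed
    # version is the lowest of the pair, it precedes the fix.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Query a live site. Assumes wp-cli is installed and the plugin slug is
# "wplms" (as in the advisory's wp-cli commands); $1 is the WordPress root.
check_site() {
    path="${1:-.}"
    installed=$(wp plugin get wplms --field=version --path="$path" 2>/dev/null) || {
        echo "UNKNOWN: WPLMS not found or wp-cli unavailable at $path"
        return 2
    }
    if wplms_is_vulnerable "$installed"; then
        echo "VULNERABLE: WPLMS $installed < $FIXED_VERSION (CVE-2024-56057)"
        return 0
    fi
    echo "OK: WPLMS $installed >= $FIXED_VERSION"
    return 1
}

# Only attempt the live query when wp-cli exists; the result is in the message.
if command -v wp >/dev/null 2>&1; then
    check_site "${1:-.}" || :
fi
```

Run it from (or with the path of) the WordPress root; a "VULNERABLE" line means the plugin must be updated or deactivated per the workarounds above.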

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to wp-content/uploads directory
  • POST requests to WPLMS file upload endpoints with executable extensions

Network Indicators:

  • HTTP POST requests with file uploads to WPLMS-specific endpoints

SIEM Query:

source="web_server" AND (uri_path="/wp-content/plugins/wplms/*" AND method="POST" AND file_extension IN ("php", "phtml", "jsp"))
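The log and network indicators above translate directly into checks against a web server access log. The following is an added example, not from the advisory: it applies those indicators to constructed Apache combined-format log lines, correlates the two, and adds a host-side sweep of the uploads tree for the same executable extensions the .htaccess workaround blocks. The client addresses come from RFC 5737 documentation ranges and the WPLMS request path "example-upload-endpoint.php" is a hypothetical placeholder, not a real plugin file.

```shell
#!/bin/sh
# Added example (not from the advisory): run the advisory's log indicators
# over constructed access log lines. All addresses, timestamps and paths are made up.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - - [10/Jan/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:00:09 +0000] "POST /wp-content/plugins/wplms/example-upload-endpoint.php HTTP/1.1" 200 52 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:10:00:15 +0000] "GET /wp-content/uploads/2025/01/shell.php?x=1 HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:01:00 +0000] "GET /wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 40213 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"
EOF

# Extensions the advisory's .htaccess rule blocks; reused for log matching.
EXEC_EXT='php|php5|phtml|pl|py|jsp|asp|sh|cgi'

# Indicator 1: POST requests to any path under the WPLMS plugin directory.
wplms_post_requests() {
    grep -E '"POST /wp-content/plugins/wplms/' "$1"
}

# Indicator 2: a request for a server-side executable under wp-content/uploads.
# Media uploads never need this; a hit usually means a dropped web shell is in use.
uploads_exec_requests() {
    grep -E "\"(GET|POST) /wp-content/uploads/[^ ?\"]*\.($EXEC_EXT)([ ?\"])" "$1"
}

# Correlation: clients that both POSTed to WPLMS and fetched an executable
# from uploads. In combined log format field 1 is the client IP, field 6 the
# quoted method and field 7 the request path.
suspicious_clients() {
    awk -v ext="$EXEC_EXT" '
        BEGIN { re = "^/wp-content/uploads/.*\\.(" ext ")(\\?|$)" }
        $6 == "\"POST" && $7 ~ /^\/wp-content\/plugins\/wplms\// { post[$1] = 1 }
        $7 ~ re { fetched[$1] = 1 }
        END { for (ip in post) if (ip in fetched) print ip }
    ' "$1" | sort
}

# Host-side check: executable files in the uploads tree ($1 = uploads dir).
# The .htaccess workaround blocks serving them but does not remove them.
uploads_exec_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.php5' -o -name '*.phtml' \
        -o -name '*.pl' -o -name '*.py' -o -name '*.jsp' -o -name '*.asp' \
        -o -name '*.sh' -o -name '*.cgi' \)
}

echo "== POSTs to WPLMS =="; wplms_post_requests "$SAMPLE_LOG"
echo "== executables requested from uploads =="; uploads_exec_requests "$SAMPLE_LOG"
echo "== clients doing both =="; suspicious_clients "$SAMPLE_LOG"
```

Point the grep functions at the real access log (and uploads_exec_files at wp-content/uploads) to reproduce the SIEM query above without a SIEM; the correlation step is what separates a noisy POST to the plugin from an actual shell being exercised.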
