CVE-2024-10470

{"id": "CVE-2024-10470", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-09T06:15:15.967", "references": [{"url": "https://themeforest.net/item/wplms-learning-management-system/6780226", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1932c9b4-2fea-40f8-9748-09ded8143c11?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated."}, {"lang": "es", "value": "El tema WPLMS Learning Management System para WordPress, WordPress LMS para WordPress, es vulnerable a la lectura y eliminaci\u00f3n arbitraria de archivos debido a la insuficiente validaci\u00f3n de la ruta de archivo y las comprobaciones de permisos en las funciones readfile y unlink en todas las versiones hasta la 4.962 incluida. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios en el servidor, lo que puede conducir f\u00e1cilmente a la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php). El tema es vulnerable incluso cuando no est\u00e1 activado."}], "lastModified": "2025-12-23T17:03:56.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vibethemes:wordpress_learning_management_system:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "597E44AE-36D7-43B0-BB18-E4CF12614FA2", "versionEndExcluding": "4.963"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}