CVE-2024-56057: 
WordPress vulnerability analysis and mitigation

The CVE-2024-56057 is an Unrestricted Upload of File with Dangerous Type vulnerability discovered in VibeThemes WPLMS plugin. The vulnerability was disclosed on December 17, 2024, affecting versions before 1.9.9.5.2 of the WPLMS WordPress plugin. This security flaw allows authenticated users with Contributor or higher privileges to upload a web shell to a web server (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 9.9 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. It is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The vulnerability requires low attack complexity and can be exploited remotely with low privileges (NVD).

This vulnerability could allow a malicious actor to upload any type of file to the affected website, including backdoors which can then be executed to gain further access to the website. The critical CVSS score of 9.9 indicates severe potential impacts on the confidentiality, integrity, and availability of the affected system (Patchstack).

The vulnerability has been fixed in version 1.9.9.5.2 of the WPLMS plugin. Users are advised to update to version 1.9.9.5.2 or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to the fixed version (Patchstack).