December 30, 2024
Severity
High
Analysis Summary
CVE-2024-54381 CVSS:7.1
Missing Authorization vulnerability in theDotstore Advance Menu Manager. This issue affects Advance Menu Manager: from n/a through 3.1.1.
CVE-2024-54383 CVSS:9.8
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
CVE-2024-56055 CVSS:8.5
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.2.
CVE-2024-56051 CVSS:8.5
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection. This issue affects WPLMS: from n/a before 1.9.9.5.
Impact
- Code Execution
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-54381
- CVE-2024-54383
- CVE-2024-56055
- CVE-2024-56051
Affected Vendors
Affected Products
- VibeThemes WPLMS - n/a
- theDotstore Advance Menu Manager - n/a
- wpweb WooCommerce PDF Vouchers - n/a
Remediation
Update the affected WordPress plugins to the latest available versions.