Analysis Summary

CVE-2024-56046 CVSS:10

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.

CVE-2024-56068 CVSS:7.5

Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3.

Impact

• Gain Access

Indicators of Compromise

CVE

• CVE-2024-56046

• CVE-2024-56068

Affected Vendors

Remediation

Upgrade to the latest version of the plugin for WordPress, available from the WordPress Plugin Directory.

CVE-2024-56046

CVE-2024-56068