Severity
High
Analysis Summary
CVE-2024-56045 CVSS:9.3
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS versions before 1.9.9.5.
CVE-2024-56064 CVSS:10
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows uploading a web shell to a web server. This issue affects WP SuperBackup versions through 2.3.3.
CVE-2024-56228 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS. This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer versions through 3.1.2.
CVE-2024-56265 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS. This issue affects WooCommerce PDF Vouchers versions before 4.9.9.
CVE-2024-56232 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader versions through 0.1.0.4.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2024-56045
CVE-2024-56064
CVE-2024-56228
CVE-2024-56265
CVE-2024-56232
Affected Vendors
- WordPress
Affected Products
- VibeThemes WPLMS - n/a
- WPWeb WooCommerce PDF Vouchers - n/a
- Azzaroco WP SuperBackup - n/a
- WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer - n/a
- Alexander Volkov WP Nice Loader - n/a
Remediation
Upgrade to the latest version of the plugin for WordPress, available from the WordPress Plugin Directory.