

Zero-Day Vulnerability in Adobe and Foxit Reader Exposes NTLM Data via PDF Files
January 15, 2025
Ivanti Releases Critical Updates for EPM and Avalanche Vulnerabilities
January 16, 2025
Severity
High
Analysis Summary
CVE-2024-56045 CVSS:9.3
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal. This issue affects WPLMS: from n/a before 1.9.9.5.
CVE-2024-56064 CVSS:10
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server. This issue affects WP SuperBackup: from n/a through 2.3.3.
CVE-2024-56228 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS. This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer: from n/a through 3.1.2.
CVE-2024-56265 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS. This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.
CVE-2024-56232 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS. This issue affects WP Nice Loader: from n/a through 0.1.0.4.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2024-56045
CVE-2024-56064
CVE-2024-56228
CVE-2024-56265
CVE-2024-56232
Affected Vendors
- WordPress
Affected Products
- VibeThemes WPLMS - n/a
- WPWeb WooCommerce PDF Vouchers - n/a
- Azzaroco WP SuperBackup - n/a
- WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer - n/a
- Alexander Volkov WP Nice Loader - n/a
Remediation
Upgrade to the latest version of the plugin for WordPress, available from the WordPress Plugin Directory.