cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-10470,https://securityvulnerability.io/vulnerability/CVE-2024-10470,Unauthenticated File Deletion Vulnerability in WPLMS LMS Theme for WordPress,"The CVE-2024-10470 vulnerability in the WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is a critical path traversal vulnerability that affects all versions up to and including 4.962. It allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution, even when the theme is not activated. There is no evidence of active exploitation by ransomware groups, but the potential impact includes unauthorized data access, site disruption, and potential full system compromise. Website administrators are advised to deactivate or remove the WPLMS theme, apply strong access controls, implement file integrity monitoring, back up installations regularly, use a web application firewall, monitor for updates, and consider isolating WordPress installations to mitigate potential exploitation. The vulnerability is resolved in version 4.963, so updating to this version will eliminate the risk.",Wordpress,"WPlms Learning Management System For WordPress, WordPress Lms",9.8,CRITICAL,0.000910000002477318,false,,true,false,true,true,false,false,2024-11-09T05:40:22.357Z,0