Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.
WPLMS plugin in versions up to and including 1.9.9 does not sufficiently verify the type or content of uploaded files (CWE-434). An attacker without any authentication can upload an executable file to the server, such as a PHP Web Shell. Once such a file is placed on the server, it can be remotely invoked via HTTP and execute arbitrary system commands in the context of the web server process.
An attacker can gain full control over the web server by executing a Web Shell — this enables reading and modifying data, privilege escalation, lateral movement in the internal network, and complete takeover of the hosting environment.
The WPLMS plugin must be immediately updated to a version higher than 1.9.9. Detailed information about available patches is available in the vendor's references and in the Patchstack database. Until the update is applied, it is recommended to temporarily disable the plugin and monitor the uploads directory for suspicious executable files.
WPLMS plugin (wplms_plugin) by VibeThemes for WordPress, versions from the beginning through 1.9.9 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HVibethemes WordPress Learning Management System
APPVibethemes< 1.9.9.1
Related vulnerabilities
Path Traversal w WPLMS — nieautoryzowane usuwanie katalogów
SQL Injection w pluginie WPLMS dla WordPress (VibeThemes)
WPLMS Plugin – nieuwierzytelniona eskalacja uprawnień (privilege escalation)
Authentication Bypass w pluginie WPLMS dla WordPress (do wersji 1.9.9)
Nieograniczony upload plików w WPLMS — możliwość wgrania Web Shell