How severe is CVE-2024-10470?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2024-10470 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Vibethemes Wplms Learning Management System For Wordpress, Wordpress Lms

CVE-2024-10470

The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.485 (97.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Vibethemes Wplms Learning Management System For Wordpress, Wordpress Lms — versions 0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-10470?: CVE-2024-10470 is a critical-severity vulnerability in Vibethemes Wplms Learning Management System For Wordpress, Wordpress Lms, classified under Path Traversal. CVSS score: 9.8/10. Published 2024-11-09.
How severe is CVE-2024-10470?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2024-10470 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.