0.0

CVE-2024-56044 - WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary User Token Generation vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This issue affects WPLMS: from n/a through <= 1.9.9.

📅 Published: Dec. 31, 2024, 1:17 p.m. 🔄 Last Modified: April 1, 2026, 4:21 p.m.

0.0

CVE-2024-56043 - WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.

📅 Published: Dec. 31, 2024, 1:15 p.m. 🔄 Last Modified: April 1, 2026, 4:21 p.m.

0.0

CVE-2024-56040 - WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1.

📅 Published: Dec. 31, 2024, 1:15 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-56042 - WordPress WPLMS plugin < 1.9.9.5.3 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS wplms_plugin allows SQL Injection.This issue affects WPLMS: from n/a through < 1.9.9.5.3.

📅 Published: Dec. 31, 2024, 12:57 p.m. 🔄 Last Modified: April 1, 2026, 4:21 p.m.

0.0

CVE-2024-56041 - WordPress VibeBP plugin < 1.9.9.5.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.5.1.

📅 Published: Dec. 31, 2024, 12:57 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-56039 - WordPress VibeBP plugin < 1.9.9.7.7 - Unauthenticated SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP vibebp allows SQL Injection.This issue affects VibeBP: from n/a through < 1.9.9.7.7.

📅 Published: Dec. 31, 2024, 12:55 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-56064 - WordPress WP SuperBackup plugin <= 2.3.3 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

📅 Published: Dec. 31, 2024, 12:54 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.8

CVSS3.1

CVE-2024-56046 - WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through <= 1.9.9.

📅 Published: Dec. 31, 2024, 12:53 p.m. 🔄 Last Modified: April 1, 2026, 4:21 p.m.

0.0

CVE-2024-56068 - WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup.This issue affects WP SuperBackup: from n/a through <= 2.3.3.

📅 Published: Dec. 31, 2024, 12:51 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

0.0

CVE-2024-55991 - WordPress CRM Plugin – WP-CRM System plugin <= 3.2.9.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through <= 3.2.9.1.