CVE-2024-10470

CRITICAL

WPLMS Learning Management System for WordPress <= 4.962 - Arbitrary File Read/Deletion via Path Validation


Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-10470. PoCs published by 0xshoriful, RandomRobbieBF.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept for CVE-2024-10470, demonstrating an unauthenticated arbitrary file read and deletion vulnerability in WPLMS Learning Management System for WordPress <= 4.962. The PoC includes a crafted HTTP POST request targeting the 'envato-setup-export.php' endpoint to exploit insufficient file path validation.

Description

The WPLMS Learning Management System theme for WordPress (WordPress LMS) is vulnerable to arbitrary file read and deletion in all versions up to, and including, 4.962, due to insufficient file path validation and permission checks around the readfile and unlink functions. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated.

Exploits (2)

nomisec WORKING POC
by 0xshoriful · poc
https://github.com/0xshoriful/CVE-2024-10470

The repository contains a functional proof-of-concept for CVE-2024-10470, demonstrating an unauthenticated arbitrary file read and deletion vulnerability in WPLMS Learning Management System for WordPress <= 4.962. The PoC includes a crafted HTTP POST request targeting the 'envato-setup-export.php' endpoint to exploit insufficient file path validation.

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: WPLMS Learning Management System for WordPress <= 4.962
No auth needed
Prerequisites: Access to the target WordPress instance with the vulnerable WPLMS theme installed
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-10470

The repository contains a functional proof-of-concept for CVE-2024-10470, demonstrating an unauthenticated arbitrary file read and deletion vulnerability in the WPLMS Learning Management System for WordPress. The exploit leverages insufficient file path validation in the `envato-setup-export.php` endpoint to delete arbitrary files, potentially leading to remote code execution.

Classification: Working PoC 95%
Attack Type: Info Leak | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WPLMS Learning Management System for WordPress <= 4.962
No auth needed
Prerequisites: Access to the target WordPress instance with the vulnerable WPLMS theme installed
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 9.8
EPSS: 0.3409
EPSS Percentile: 98.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-22
Status: published
Products (2):
vibethemes/wordpress_learning_management_system < 4.963
VibeThemes/WPLMS Learning Management System for WordPress, WordPress LMS < 4.962
Published: Nov 09, 2024
Tracked Since: Feb 18, 2026