CVE-2015-10139

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WPLMS versions 1.5.2 through 1.8.4.1

Description The WPLMS theme for WordPress is susceptible to privilege escalation via the wp ajax import data API endpoint. Authenticated attackers can modify restricted settings and potentially create a new accessible admin account.

Recommendations Update WPLMS to a version later than 1.8.4.1.

Exploit

Fix

LPE

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2015-10139

Affected Products

Wplms

CVE-2015-10139

Weakness Enumeration

Related Identifiers

Affected Products

References · 10