High-Risk Vulnerability in WPLMS WordPress Theme Threatens Thousands of Sites

by Justin Erickson

A critical security vulnerability in the WPLMS WordPress theme, designated CVE-2024-10470, has exposed thousands of websites to potential unauthorized access. This flaw, rated with a CVSS score of 9.8, allows unauthenticated attackers to gain administrative privileges, which leads to compromised site control and possible data exposure. Site administrators using the WPLMS theme are urged to apply the latest security patch immediately to protect against exploitation and ensure site security, as it can be accessed without the theme being active.