WordPress Redux Framework Plugin: Unauthenticated JSON File Upload Vulnerability (CVE-2024-6828)

The Redux Framework plugin is a powerful and extensible options framework for WordPress that allows developers to create custom themes and plugins with an intuitive user interface for settings and configurations.

On July 22nd, 2024, a high-severity vulnerability was discovered in the Redux Framework plugin for WordPress, tracked as CVE-2024-6828. The plugin has more than 10 lakh (1,000,000) active installations. This flaw, rated with a CVSS 3.x score of 7.2 out of 10.0, is identified as a JSON File Upload to Stored Cross-Site Scripting vulnerability and affects Redux Framework plugin versions 4.4.12 through 4.4.17.

Qualys Web Application Scanning released a QID 152042 to address CVE-2024-6828.

About CVE-2024-6828

Severity: 4
CVSS 3.x Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CVSS 3.x Score: 7.2
Affected Versions: 4.4.12 through 4.4.17

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases when wp_filesystem fails to initialize, to achieve remote code execution.
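As an added illustration (not the Redux Framework plugin's own code), the following hypothetical WordPress AJAX import handler shows the weak pattern this advisory describes beside a hardened form; every function, action and file name in it is an assumption:

```php
<?php
// Added illustrative example, not Redux Framework code. Hypothetical names:
// example_import_weak, example_import_hardened, example-import.json.
require_once ABSPATH . 'wp-admin/includes/file.php'; // provides WP_Filesystem()

// WEAK: reachable by unauthenticated users through wp_ajax_nopriv_, with no
// capability or nonce check, and a silent fallback to a direct PHP write
// when the WP_Filesystem abstraction fails to initialize.
function example_import_weak() {
    $upload = wp_upload_dir();
    $target = trailingslashit( $upload['basedir'] ) . 'example-import.json';
    $data   = isset( $_POST['import'] ) ? wp_unslash( $_POST['import'] ) : '';
    global $wp_filesystem;
    if ( ! WP_Filesystem() ) {
        file_put_contents( $target, $data ); // unchecked direct write of raw input
    } else {
        $wp_filesystem->put_contents( $target, $data );
    }
    wp_send_json_success();
}
add_action( 'wp_ajax_nopriv_example_import_weak', 'example_import_weak' );
add_action( 'wp_ajax_example_import_weak', 'example_import_weak' );

// HARDENED: admin-only, nonce-protected, input validated as JSON, written
// only through an initialized WP_Filesystem, and never registered for nopriv.
function example_import_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    check_ajax_referer( 'example_import_nonce', 'nonce' );

    $data    = isset( $_POST['import'] ) ? wp_unslash( $_POST['import'] ) : '';
    $decoded = json_decode( $data, true );
    if ( ! is_array( $decoded ) || json_last_error() !== JSON_ERROR_NONE ) {
        wp_send_json_error( 'invalid json', 400 );
    }

    global $wp_filesystem;
    if ( ! WP_Filesystem() || ! $wp_filesystem ) {
        // Refuse the request instead of falling back to an unchecked direct write.
        wp_send_json_error( 'filesystem unavailable', 500 );
    }
    $upload = wp_upload_dir();
    $target = trailingslashit( $upload['basedir'] ) . 'example-import.json';
    // Persist only the re-encoded parsed structure, never the raw submitted bytes.
    $wp_filesystem->put_contents( $target, wp_json_encode( $decoded ), FS_CHMOD_FILE );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_import_hardened', 'example_import_hardened' );
```

The hardened handler closes both paths the advisory names: the missing capability check, and the filesystem-initialization failure that would otherwise degrade into a direct write under the web-reachable uploads directory.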

Impact

Successful exploitation of this vulnerability could allow unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases when wp_filesystem fails to initialize, to achieve remote code execution.

Mitigation

Customers are advised to upgrade to Redux Framework plugin version 4.4.18 or later to remediate this vulnerability.

References

https://github.com/advisories/GHSA-qfc3-gmpf-rm94

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/redux-framework/redux-framework-4412-4417-unauthenticated-json-file-upload-to-stored-cross-site-scripting

https://nvd.nist.gov/vuln/detail/CVE-2024-6828
