The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-07-23T02:01:39.248Z
Updated: 2024-08-01T21:45:38.314Z
Reserved: 2024-07-16T23:35:55.802Z
Link: CVE-2024-6828
Vulnrichment
Updated: 2024-08-01T21:45:38.314Z
NVD
Status : Awaiting Analysis
Published: 2024-07-23T02:15:02.370
Modified: 2024-07-24T12:55:13.223
Link: CVE-2024-6828
Redhat
No data.