Redux Framework <= 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting #4006
Comments
|
The function in question was written circa early 2015 (when it used to be an extension) using a third-party JavaScript upload function that required a post to a PHP file, not in the WordPress workspace, meaning none of the WordPress API was available. The import function needs to be rewritten in the WordPress workspace (I'm 60% done as of this posting) and should have the fix completed by Friday. |
kprovance
added a commit
that referenced
this issue
Jul 19, 2024
|
Fixed in v4.4.18. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerability Title: Redux Framework <= 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
CVE ID: CVE-2024-6828
CVSS Severity Score: 7.2 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Organization: Wordfence
Vulnerability Researcher(s): villu164
Software Link(s): https://wordpress.org/plugins/redux-framework
Description
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in all versions up to and including 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.
The text was updated successfully, but these errors were encountered: