3 matches found
CVE-2024-13418
CVE-2024-13418 is tied to WordPress ecosystems where multiple plugins/themes (notably the Smart Framework family: Benaa, April, Beyot, Auteur; and related plugins) expose an Arbitrary File Upload vulnerability via a missing capability check in ajaxUploadFonts(). The issue allows authenticated att...
CVE-2024-13420
CVE-2024-13420 is documented as a vulnerability in the WordPress ecosystem where the Smart Framework family (Beyot Framework, Benaa Framework, Auteur Framework, April Framework) suffers from missing authorization checks on AJAX actions (e.g., gsf_reset_section_options, gsf_create_preset_options)....
CVE-2024-13419
CVE-2024-13419 affects WordPress plugins/themes that use Smart Framework. The issue is a missing capability check in saveOptions() and importThemeOptions(), enabling authenticated users with Subscriber-level access or higher to update plugin/theme settings and inject custom JavaScript that runs s...