CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.
[
{
"cpes": [
"cpe:2.3:a:redux:gutenberg_template_library_\\&_redux_framework:*:*:*:*:*:*:*:*"
],
"vendor": "redux",
"product": "gutenberg_template_library_\\&_redux_framework",
"versions": [
{
"status": "affected",
"version": "4.4.12",
"versionType": "semver",
"lessThanOrEqual": "4.4.17"
}
],
"defaultStatus": "unknown"
}
]
core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690
plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-filesystem.php#L614
plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-helpers.php#L938
plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/extensions/color_scheme/color_scheme/class-redux-color-scheme-import.php#L75
plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/fields/typography/redux-typography.js#L646
plugins.trac.wordpress.org/browser/redux-framework/trunk/redux-core/inc/classes/class-redux-filesystem.php#L166
www.wordfence.com/threat-intel/vulnerabilities/id/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial