CVE-2024-6828
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published: Jul 23, 2024
Updated: Jul 24, 2024
CWE ID: 434
Summary
CVE-2024-6828 is a vulnerability affecting the Redux Framework plugin for WordPress. In versions 4.4.12 to 4.4.17, the Redux_Color_Scheme_Import function lacks authorization and capability checks, which allows unauthenticated JSON file uploads. An attacker can exploit this by uploading malicious JSON files, which may result in stored cross-site scripting. In certain circumstances, where wp_filesystem fails to initialize, the issue could allow remote code execution.