CVE-2024-13420

Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset and modify some of the plugin/theme settings. This issue was escalated to Envato over two months from the date of this disclosure and the issues, while partially patched, are still vulnerable.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://themeforest.net/item/beyot-wordpress-real-estate-theme/19514964	Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/6d484422-4adf-4370-b228-61496d5ad78a?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:g5plus:april::::::wordpress::*
	cpe:2.3:a:g5plus:auteur::::::wordpress::*
	cpe:2.3:a:g5plus:benaa::::::wordpress::*
	cpe:2.3:a:g5plus:beyot::::::wordpress::*

History

06 May 2025, 15:26

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-02 04:15

Updated : 2025-05-06 15:26

NVD link : CVE-2024-13420

Mitre link : CVE-2024-13420

CVE.ORG link : CVE-2024-13420

JSON object : View

Products Affected

g5plus

april
benaa
beyot
auteur

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

CWE-862

Missing Authorization

{"id": "CVE-2024-13420", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-05-02T04:15:46.047", "references": [{"url": "https://themeforest.net/item/beyot-wordpress-real-estate-theme/19514964", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d484422-4adf-4370-b228-61496d5ad78a?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset and modify some of the plugin/theme settings. This issue was escalated to Envato over two months from the date of this disclosure and the issues, while partially patched, are still vulnerable."}, {"lang": "es", "value": "Varios complementos y/o temas de WordPress son vulnerables a accesos no autorizados debido a la falta de comprobaci\u00f3n de capacidad en varias acciones AJAX, como 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' y otras, en varias versiones. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, restablezcan y modifiquen algunas configuraciones del complemento/tema. Este problema se escal\u00f3 a Envato m\u00e1s de dos meses despu\u00e9s de la fecha de esta divulgaci\u00f3n y, aunque parcialmente corregido, los problemas siguen siendo vulnerables."}], "lastModified": "2025-05-06T15:26:47.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:g5plus:april:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5D195890-0FF8-4495-8505-0C459EFB4CF6", "versionEndIncluding": "5.1"}, {"criteria": "cpe:2.3:a:g5plus:auteur:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "137669BF-653B-4E96-A7BC-31E632783C44", "versionEndIncluding": "7.1"}, {"criteria": "cpe:2.3:a:g5plus:benaa:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EB99B2F2-9DEF-45CC-A01E-D071BA2B30B6", "versionEndIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:g5plus:beyot:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "65AFC1E7-A0CC-4DC3-8592-019FC56C48F8", "versionEndIncluding": "6.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}