CVE-2024-13643
📋 TL;DR
The Zox News WordPress theme has a vulnerability that allows authenticated users with Subscriber-level access or higher to modify critical WordPress options. Attackers can escalate privileges to Administrator or delete options causing denial of service. All WordPress sites using Zox News theme versions up to 3.17.0 are affected.
💻 Affected Systems
- Zox News - Professional WordPress News & Magazine Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, modify content, install malware, and potentially compromise the entire server.
Likely Case
Privilege escalation leading to unauthorized administrative access, followed by data theft, defacement, or malware injection.
If Mitigated
Limited impact if proper access controls and monitoring are in place, though option deletion could still cause temporary service disruption.
🎯 Exploit Status
Requires authenticated access but only at Subscriber level, which is the lowest WordPress user role. Exploitation involves simple HTTP requests to vulnerable functions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.17.1 or later
Vendor Advisory: https://mvpthemes.com/zoxnews/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Check whether the Zox News theme has an update available.
4. Update to version 3.17.1 or later.
5. Clear any caching plugin or CDN caches.
🔧 Temporary Workarounds
Disable vulnerable theme
Platform: WordPress
Switch to a different WordPress theme temporarily until patched:
wp theme activate twentytwentyfour
Restrict user registration
Platform: WordPress
Disable new user registration to prevent attacker account creation:
wp option update users_can_register 0
🧯 If You Can't Patch
- Remove Subscriber-level user accounts or restrict their capabilities
- Implement web application firewall rules to block requests to backup_options() and reset_options() functions
🔍 How to Verify
Check if Vulnerable:
Check WordPress theme version: Navigate to Appearance > Themes and verify Zox News theme version is 3.17.0 or earlier.
Check Version:
wp theme list --name=zoxnews --field=version
Verify Fix Applied:
Confirm Zox News theme version is 3.17.1 or later in Appearance > Themes. Test that Subscriber users cannot modify WordPress options.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=backup_options or action=reset_options from non-admin users
- Unexpected changes to wp_options table, particularly default_role or users_can_register
Network Indicators:
- HTTP POST requests containing 'backup_options' or 'reset_options' parameters from client IP addresses not associated with administrator sessions
SIEM Query:
source="wordpress.log" AND (action="backup_options" OR action="reset_options") AND user_role!="administrator"
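The SIEM query above expressed as standalone detection logic, as an added example that is not part of this advisory: it runs the two log indicators (vulnerable admin-ajax actions invoked by non-administrators, and changes to `default_role` or `users_can_register`) over a set of constructed log events and tolerates malformed lines. The action names `backup_options` and `reset_options` are those listed above and are assumed to be the admin-ajax action values the theme registers; the JSON-lines event shape is a hypothetical audit-log format chosen for the example, and the events themselves are constructed, not real logs.

```python
import json

# Action names from the Log Indicators above; assumed to be the admin-ajax
# action values the theme registers.
SUSPICIOUS_ACTIONS = {"backup_options", "reset_options"}
# wp_options keys the advisory names as the likely targets.
SENSITIVE_OPTIONS = {"default_role", "users_can_register"}

# Constructed sample events (not real logs) in the shape a hypothetical
# WordPress audit-log plugin might emit: one JSON object per line. Request
# events carry method/path/action/user_role; option events carry
# event/option/old/new. The last line is deliberately malformed.
SAMPLE_LOG = """\
{"ts":"2024-01-10T10:00:01Z","method":"POST","path":"/wp-admin/admin-ajax.php","action":"heartbeat","user":"alice","user_role":"subscriber"}
{"ts":"2024-01-10T10:00:05Z","method":"POST","path":"/wp-admin/admin-ajax.php","action":"reset_options","user":"mallory","user_role":"subscriber"}
{"ts":"2024-01-10T10:00:09Z","method":"POST","path":"/wp-admin/admin-ajax.php","action":"backup_options","user":"admin","user_role":"administrator"}
{"ts":"2024-01-10T10:01:00Z","event":"option_updated","option":"default_role","old":"subscriber","new":"administrator","user":"mallory"}
{"ts":"2024-01-10T10:02:00Z","event":"option_updated","option":"blogdescription","old":"News","new":"Daily News","user":"admin"}
not json at all
"""


def parse_events(text):
    """Return (events, skipped): one dict per well-formed JSON line."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1  # never let one bad line abort the whole scan
    return events, skipped


def is_suspicious_ajax(ev):
    """Match the SIEM query: vulnerable action invoked by a non-administrator."""
    return (
        ev.get("method") == "POST"
        and ev.get("path", "").endswith("/wp-admin/admin-ajax.php")
        and ev.get("action") in SUSPICIOUS_ACTIONS
        and ev.get("user_role") != "administrator"
    )


def is_sensitive_option_change(ev):
    """Match a change to one of the options privilege escalation would touch."""
    return ev.get("event") == "option_updated" and ev.get("option") in SENSITIVE_OPTIONS


def detect(text):
    """Run both indicators over the log text and return the alerts found."""
    events, skipped = parse_events(text)
    return {
        "ajax": [ev for ev in events if is_suspicious_ajax(ev)],
        "options": [ev for ev in events if is_sensitive_option_change(ev)],
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    alerts = detect(SAMPLE_LOG)
    for ev in alerts["ajax"]:
        print("ALERT ajax: %s (%s) called %s at %s"
              % (ev["user"], ev["user_role"], ev["action"], ev["ts"]))
    for ev in alerts["options"]:
        print("ALERT option: %s changed %s from %r to %r at %s"
              % (ev["user"], ev["option"], ev["old"], ev["new"], ev["ts"]))
    print("%d unparseable line(s) skipped" % alerts["skipped_lines"])
```

Note that a plain web-server access log will not carry the `action` or `user_role` fields: admin-ajax.php normally receives the action in the POST body, which access logs do not record. The query and this script therefore presume an application-level or audit log; without one, the `wp_options` change indicator is the more reliable of the two.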