CVE-2024-13654

8.1 HIGH

📋 TL;DR

This vulnerability in the ZoxPress WordPress theme allows authenticated users with Subscriber-level access or higher to delete arbitrary WordPress option values. Attackers can delete critical options to cause errors and create a denial of service condition. All WordPress sites using ZoxPress theme versions up to and including 2.12.0 are affected.

💻 Affected Systems

Products:
  • ZoxPress - The All-In-One WordPress News Theme
Versions: All versions up to and including 2.12.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with ZoxPress theme active and at least one authenticated user with Subscriber role or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site unavailability by deleting critical WordPress options such as 'siteurl' or 'home', requiring database restoration to recover.

🟠 Likely Case: Partial site functionality loss through deletion of theme-specific options, causing errors on frontend or admin areas.

🟢 If Mitigated: Minimal impact if proper user role management and monitoring are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authenticated access, but only Subscriber-level permissions are needed, and those are commonly granted to registered site visitors.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2.12.0

Vendor Advisory: https://themeforest.net/item/zoxpress-allinone-wordpress-news-theme/25586170

Restart Required: No

Instructions:

1. Update the ZoxPress theme to the latest version via the WordPress admin dashboard.
2. Verify the theme version is above 2.12.0.
3. Clear any caching plugin/CDN caches.

🔧 Temporary Workarounds

Remove vulnerable theme (WordPress)

Temporarily switch to the default WordPress theme until the patch is applied. The target theme must already be installed; wp theme install twentytwentyfour --activate installs and activates it in one step.

wp theme activate twentytwentyfour

Restrict user registration (WordPress)

Disable new user registration to prevent attackers from obtaining Subscriber accounts. This does not affect accounts that already exist, so review those separately.

wp option update users_can_register 0

🧯 If You Can't Patch

  • Implement strict user role management and review all Subscriber-level accounts
  • Enable WordPress security plugins with option change monitoring and implement regular database backups

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin dashboard > Appearance > Themes for ZoxPress theme version 2.12.0 or lower

Check Version:

wp theme list --name=zoxpress --field=version

Verify Fix Applied:

Verify ZoxPress theme version is above 2.12.0 in WordPress admin dashboard

📡 Detection & Monitoring

Log Indicators:

  • Deletion of rows from the wp_options table, especially core options such as siteurl or home
  • Calls to the reset_options function from non-administrator accounts
  • Increased error logs caused by missing WordPress options

Network Indicators:

  • POST requests to admin-ajax.php or theme-specific endpoints carrying a reset_options parameter (standard access logs record only the query string, not the POST body, so body parameters need WAF or application-level logging)

SIEM Query:

source="wordpress.log" AND (("option_name" AND "delete_option") OR "reset_options")
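As an added defensive example (not part of the advisory), the network indicator above expressed as a small Python checker over constructed combined-format access-log lines; it flags admin-ajax.php requests whose query string names reset_options as either a parameter or a value, for any HTTP method, which goes slightly beyond the POST-only indicator. The log lines and IP addresses are assumed sample data.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed combined-format access log lines (not real traffic); the
# first and third carry the reset_options indicator from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2025:10:15:01 +0000] "POST /wp-admin/admin-ajax.php?action=reset_options HTTP/1.1" 200 51 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:10:15:09 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:10:16:00 +0000] "GET /wp-admin/admin-ajax.php?reset_options=1 HTTP/1.1" 200 51 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:10:16:30 +0000] "GET /?p=12 HTTP/1.1" 200 4831 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_reset_options(line: str):
    """Return a finding for a request to admin-ajax.php whose query string
    names reset_options (as a parameter name or a value), else None.
    Only the query string is inspected; a POST body is not in this log."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/admin-ajax.php"):
        return None
    params = parse_qs(url.query)
    if not any(k == "reset_options" or "reset_options" in v
               for k, v in params.items()):
        return None
    return {
        "ip": m.group("ip"),
        "ts": m.group("ts"),
        "method": m.group("method"),
        "status": int(m.group("status")),
        "params": params,
    }


def scan(log_text: str):
    """Run the indicator over every line and collect the findings in order."""
    findings = []
    for line in log_text.splitlines():
        hit = flag_reset_options(line)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['method']} admin-ajax.php params={f['params']}")
```

A status of 200 on a flagged request is worth correlating with the option-deletion log indicators above, since it suggests the call was accepted rather than rejected.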
