CVE-2024-13655
📋 TL;DR
This vulnerability in the Flex Mag WordPress theme allows authenticated users with Subscriber-level access or higher to delete arbitrary WordPress option values. Attackers can exploit this to delete critical options, causing site errors and denial of service. All WordPress sites using Flex Mag theme versions up to 3.5.2 are affected.
💻 Affected Systems
- Flex Mag - Responsive WordPress News Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers delete critical WordPress options like 'siteurl' or 'home', causing complete site unavailability and requiring database restoration.
Likely Case
Attackers delete theme-specific options causing site functionality loss, broken layouts, or partial denial of service.
If Mitigated
With proper access controls and monitoring, impact limited to logged events and quick restoration from backups.
🎯 Exploit Status
Requires authenticated access (Subscriber role or higher). Exploitation involves calling the vulnerable AJAX callback function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.5.2
Vendor Advisory: https://themeforest.net/item/flex-mag-responsive-wordpress-news-theme/12772303
Restart Required: No
Instructions:
1. Update Flex Mag theme to latest version via WordPress admin panel. 2. Verify theme version is above 3.5.2. 3. Clear any caching plugins. 4. Test site functionality.
🔧 Temporary Workarounds
Remove vulnerable function
allDisable the vulnerable propanel_of_ajax_callback() function by removing or commenting it out in theme files.
Locate and edit theme's functions.php or relevant AJAX handler file
Restrict user roles
allTemporarily restrict Subscriber and Contributor roles from accessing the site until patched.
Use WordPress role management plugins or custom code to restrict access
🧯 If You Can't Patch
- Implement strict user role management and monitor for suspicious activity
- Enable comprehensive logging and set up alerts for option deletion events
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Appearance > Themes for Flex Mag theme version 3.5.2 or lower.Check Version:
WordPress admin: Appearance > Themes, or check theme's style.css file version headerVerify Fix Applied:
Verify theme version is above 3.5.2 in WordPress admin panel and test site functionality remains intact.📡 Detection & Monitoring
Log Indicators:
- WordPress option deletion events in logs
- AJAX calls to propanel_of_ajax_callback function
- Unauthorized wp_options table modifications
Network Indicators:
- POST requests to admin-ajax.php with action parameter containing 'propanel_of_ajax_callback'
SIEM Query:
source="wordpress.log" AND ("option_deleted" OR "propanel_of_ajax_callback")