CVE-2024-13797

7.3 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to execute arbitrary WordPress shortcodes in the PressMart theme. Attackers can potentially inject malicious code, create backdoors, or manipulate site content. All WordPress sites using PressMart theme versions up to 1.2.16 are affected.

💻 Affected Systems

Products:
  • PressMart - Modern Elementor WooCommerce WordPress Theme
Versions: All versions up to and including 1.2.16
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress with the PressMart theme installed and activated.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site compromise through remote code execution, data theft, defacement, or malware injection via malicious shortcodes.

🟠 Likely Case: Content manipulation, privilege escalation, or backdoor installation through carefully crafted shortcodes.

🟢 If Mitigated: Limited to content injection if shortcode execution is restricted and proper input validation is in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires no authentication and shortcode execution is straightforward once the vulnerability is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.2.17 or later

Vendor Advisory: https://themeforest.net/item/pressmart-modern-elementor-woocommerce-wordpress-theme/39241221

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Navigate to Appearance > Themes.
3. Update PressMart theme to version 1.2.17 or later.
4. Clear any caching plugins/CDN caches.

🔧 Temporary Workarounds

  • Disable vulnerable theme (all platforms): Switch to a different WordPress theme temporarily until patch is applied
  • Restrict access (all platforms): Use web application firewall rules to block suspicious shortcode execution attempts

🧯 If You Can't Patch

  • Implement strict input validation for all user-controlled parameters
  • Deploy web application firewall with rules to detect and block shortcode injection attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes > PressMart theme version. If the version is 1.2.16 or lower, the site is vulnerable.

Check Version:

wp theme list --fields=name,version | grep pressmart

Verify Fix Applied:

Confirm PressMart theme version is 1.2.17 or higher in WordPress admin panel.
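
For hosts where WP-CLI or admin access is not available, the same check can be made from the filesystem. This is an added example, not vendor or project code: it assumes the theme lives in the `pressmart` directory shown in the path under Network Indicators and that its `style.css` carries the standard WordPress `Version:` header; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): classify PressMart installs from the theme's
# style.css header. Activation state is not checked; that lives in the database.
FIXED_VERSION="1.2.17"   # first patched release named in the advisory

# Print the "Version:" header value of a style.css file (CRLF tolerated).
theme_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*/\1/p' "$1" | head -n 1
}

# Succeed when dotted version $1 is older than $2, comparing fields numerically
# so that 1.2.9 sorts before 1.2.17.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1
    }'
}

# Print one status line for a WordPress document root.
check_pressmart() {
    css="$1/wp-content/themes/pressmart/style.css"
    [ -f "$css" ] || { echo "ABSENT $1"; return 0; }
    ver=$(theme_version "$css")
    [ -n "$ver" ] || { echo "UNKNOWN $1"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE $ver $1"
    else
        echo "PATCHED $ver $1"
    fi
}

# With no arguments, run against a constructed sample tree (not real site data).
if [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d)
    trap 'rm -rf "$tmp"' EXIT
    mkdir -p "$tmp/wp-content/themes/pressmart"
    printf '/*\nTheme Name: PressMart\nVersion: 1.2.9\n*/\n' \
        > "$tmp/wp-content/themes/pressmart/style.css"
    set -- "$tmp"
fi
for root in "$@"; do check_pressmart "$root"; done
```

Pass one or more WordPress document roots as arguments to sweep several sites at once; a VULNERABLE line on an inactive theme still warrants an update or removal.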

📡 Detection & Monitoring

Log Indicators:

  • Unusual shortcode execution patterns in WordPress debug logs
  • Multiple failed authentication attempts followed by theme-related actions

Network Indicators:

  • HTTP POST requests containing shortcode parameters to theme-specific endpoints
  • Unusual traffic to /wp-content/themes/pressmart/

SIEM Query:

source="wordpress" AND (shortcode_execution OR theme="pressmart")
