CVE-2024-6828
📋 TL;DR
The Redux Framework WordPress plugin versions 4.4.12 to 4.4.17 allow unauthenticated attackers to upload JSON files due to missing authorization checks. This can lead to stored cross-site scripting attacks and, in rare cases when wp_filesystem fails, remote code execution. WordPress sites using vulnerable Redux Framework versions are affected.
💻 Affected Systems
- WordPress Redux Framework Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, and persistent backdoor installation.
Likely Case
Stored cross-site scripting attacks allowing session hijacking, credential theft, and website defacement.
If Mitigated
Unauthorized file uploads blocked, but potential for denial-of-service attempts remains.
🎯 Exploit Status
Unauthenticated exploitation with simple HTTP requests makes this easily weaponizable.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.4.18
Vendor Advisory: https://wordpress.org/plugins/redux-framework/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Redux Framework and click 'Update Now'. 4. Verify version is 4.4.18 or higher.
🔧 Temporary Workarounds
Disable Redux Framework Plugin
allTemporarily disable the vulnerable plugin until patched.
wp plugin deactivate redux-framework
Block Unauthenticated File Upload Endpoints
allUse web application firewall to block access to vulnerable endpoints.
🧯 If You Can't Patch
- Disable the Redux Framework plugin immediately.
- Implement strict WAF rules to block all unauthenticated POST requests to /wp-admin/admin-ajax.php with redux_upload action.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Redux Framework version. If between 4.4.12 and 4.4.17, vulnerable.Check Version:
wp plugin list --name=redux-framework --field=versionVerify Fix Applied:
Verify Redux Framework version is 4.4.18 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=redux_upload
- Unauthenticated file upload attempts to Redux endpoints
- JSON file uploads from unauthenticated IPs
Network Indicators:
- HTTP POST to /wp-admin/admin-ajax.php with redux_upload parameter
- JSON file uploads without authentication cookies
SIEM Query:
source="web_logs" AND uri_path="/wp-admin/admin-ajax.php" AND http_method="POST" AND (form_data CONTAINS "redux_upload" OR query_string CONTAINS "redux_upload")🔗 References
- https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-filesystem.php#L614
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-helpers.php#L938
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/extensions/color_scheme/color_scheme/class-redux-color-scheme-import.php#L75
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/fields/typography/redux-typography.js#L646
- https://plugins.trac.wordpress.org/browser/redux-framework/trunk/redux-core/inc/classes/class-redux-filesystem.php#L166
- https://www.wordfence.com/threat-intel/vulnerabilities/id/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve
- https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-filesystem.php#L614
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-helpers.php#L938
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/extensions/color_scheme/color_scheme/class-redux-color-scheme-import.php#L75
- https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/fields/typography/redux-typography.js#L646
- https://plugins.trac.wordpress.org/browser/redux-framework/trunk/redux-core/inc/classes/class-redux-filesystem.php#L166
- https://www.wordfence.com/threat-intel/vulnerabilities/id/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve
