CVE-2024-13418

Summary

Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that can make remote code execution possible. This issue was escalated to Envato over two months from the date of this disclosure and the issue, while partially patched, is still vulnerable.

Affected Software

VendorProductVersion RangeStatus
G5ThemeBenaa Framework0 <= 4.0.0affected
G5ThemeApril Framework0 <= 5.1affected
G5ThemeBeyot Framework0 <= 6.0.6affected
G5ThemeAuteur Framework0 <= 7.1affected

Weaknesses

  • CWE-434: CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References