reduxframework / redux-framework

Redux is a simple, truly extensible options framework for WordPress themes and plugins!
http://redux.io

Redux Framework <= 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting #4006

Closed kprovance closed 3 months ago

kprovance commented 3 months ago

Vulnerability Title: Redux Framework <= 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting
CVE ID: CVE-2024-6828
CVSS Severity Score: 7.2 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Organization: Wordfence
Vulnerability Researcher(s): villu164
Software Link(s): https://wordpress.org/plugins/redux-framework

Description

The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in all versions up to and including 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases when the wp_filesystem fails to initialize, to Remote Code Execution.

kprovance commented 3 months ago

The function in question was written circa early 2015 (when it used to be an extension) using a third-party JavaScript upload function that required a post to a PHP file, not in the WordPress workspace, meaning none of the WordPress API was available.

The import function needs to be rewritten in the WordPress workspace (I'm 60% done as of this posting) and should have the fix completed by Friday.
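As an added illustration of the points made in the advisory description and in the comment above (it is not Redux Framework code and not the actual v4.4.18 fix), a hypothetical WordPress AJAX handler for a colour-scheme JSON import that runs inside the WordPress workspace and applies the capability, nonce and content checks the advisory says were missing; the action name, function name, option name and size limit are assumptions.

```php
<?php
// Added example, not Redux Framework code. Hypothetical handler showing how a
// JSON colour-scheme import looks when it runs inside WordPress, so the
// authorization and CSRF APIs are available. Names are assumptions.

add_action( 'wp_ajax_example_color_scheme_import', 'example_color_scheme_import' );
// Deliberately no 'wp_ajax_nopriv_' registration: unauthenticated requests
// are rejected by WordPress before this handler is ever reached.

function example_color_scheme_import() {
    // 1. Authorization: only users who may manage options can import.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient_capability', 403 );
    }

    // 2. CSRF protection: the nonce issued to the admin page must match.
    check_ajax_referer( 'example_color_scheme_import', 'nonce' );

    // 3. Treat the upload as data to parse, never as a file to keep on disk.
    if ( empty( $_FILES['scheme']['tmp_name'] ) || ! is_uploaded_file( $_FILES['scheme']['tmp_name'] ) ) {
        wp_send_json_error( 'no_file', 400 );
    }
    $raw = file_get_contents( $_FILES['scheme']['tmp_name'] );
    if ( strlen( $raw ) > 65536 ) { // constructed size limit
        wp_send_json_error( 'too_large', 413 );
    }
    $decoded = json_decode( $raw, true );
    if ( ! is_array( $decoded ) ) {
        wp_send_json_error( 'invalid_json', 400 );
    }

    // 4. Whitelist the structure: only sanitized keys mapping to hex colours
    //    survive, so no markup or script can ride along in the stored data.
    $clean = array();
    foreach ( $decoded as $name => $color ) {
        $key = sanitize_key( $name );
        if ( '' !== $key && is_string( $color )
            && preg_match( '/^#([0-9a-fA-F]{3}){1,2}$/', $color ) ) {
            $clean[ $key ] = strtolower( $color );
        }
    }
    if ( empty( $clean ) ) {
        wp_send_json_error( 'no_valid_entries', 400 );
    }

    // 5. Persist through the options API; nothing attacker-controlled is
    //    written to the uploads directory, so no file is served back verbatim.
    update_option( 'example_color_scheme', $clean, false );
    wp_send_json_success( array( 'imported' => count( $clean ) ) );
}
```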

kprovance commented 3 months ago

Fixed in v4.4.18.