{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T10:50:56.060","vulnerabilities":[{"cve":{"id":"CVE-2024-6828","sourceIdentifier":"security@wordfence.com","published":"2024-07-23T02:15:02.370","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution."},{"lang":"es","value":" El complemento Redux Framework para WordPress es vulnerable a cargas de archivos JSON no autenticados debido a la falta de autorización y comprobaciones de capacidad en la función Redux_Color_Scheme_Import en las versiones 4.4.12 a 4.4.17. Esto hace posible que atacantes no autenticados carguen archivos JSON, que pueden usarse para realizar ataques de Cross Site Scripting almacenado y, en algunos casos raros, cuando wp_filesystem no se inicializa, para la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-filesystem.php#L614","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-helpers.php#L938","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/extensions/color_scheme/color_scheme/class-redux-color-scheme-import.php#L75","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/fields/typography/redux-typography.js#L646","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/trunk/redux-core/inc/classes/class-redux-filesystem.php#L166","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve","source":"security@wordfence.com"},{"url":"https://core.trac.wordpress.org/browser/tags/6.5.4/src/wp-includes/class-wp-theme-json.php#L1690","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-filesystem.php#L614","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/classes/class-redux-helpers.php#L938","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/extensions/color_scheme/color_scheme/class-redux-color-scheme-import.php#L75","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/tags/4.4.17/redux-core/inc/fields/typography/redux-typography.js#L646","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plugins.trac.wordpress.org/browser/redux-framework/trunk/redux-core/inc/classes/class-redux-filesystem.php#L166","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/18a37063-31aa-4b1f-b1a5-1ea921a20686?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}