cleantalk
Vulnerabilities and Security Researches

Redux Framework, CVE-2021-38312

CVE, Research URL

CVE-2021-38312

Home page URL

Security reports for Redux Framework

Application

Redux Framework

Published on
Sep 02, 2021
Research Description
The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts.
Affected versions
Min -, max 4.2.13.
Status
vulnerable
Previous vulnerability researches
Redux Framework , Aug 28, 2025
Redux Framework (CVE-2024-6828) , Jul 23, 2024
Redux Framework (CVE-2021-38314) , Jun 07, 2024
Redux Framework (CVE-2021-38312) , Jun 07, 2024
New vulnerability
Tiktok Feed &#8211; Best TikTok feed plugin for WordPress (CVE-2025-54710) , Aug 29, 2025
GiveWP &#8211; Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor &#8211; FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025