cleantalk
Vulnerabilities and Security Researches

Redux Framework, CVE-2024-6828

CVE, Research URL

CVE-2024-6828

Home page URL

Security reports for Redux Framework

Application

Redux Framework

Published on
Jul 23, 2024
Research Description
The Redux Framework plugin for WordPress is vulnerable to unauthenticated JSON file uploads due to missing authorization and capability checks on the Redux_Color_Scheme_Import function in versions 4.4.12 to 4.4.17. This makes it possible for unauthenticated attackers to upload JSON files, which can be used to conduct stored cross-site scripting attacks and, in some rare cases, when the wp_filesystem fails to initialize - to Remote Code Execution.
Affected versions
Min -, max 4.4.18.
Status
vulnerable
Previous vulnerability researches
Redux Framework , Aug 28, 2025
Redux Framework (CVE-2024-6828) , Jul 23, 2024
Redux Framework (CVE-2021-38314) , Jun 07, 2024
Redux Framework (CVE-2021-38312) , Jun 07, 2024
New vulnerability
Tiktok Feed – Best TikTok feed plugin for WordPress (CVE-2025-54710) , Aug 29, 2025
GiveWP – Donation Plugin and Fundraising Platform (CVE-2025-7221) , Aug 29, 2025
Add Code To Head (CVE-2025-48314) , Aug 29, 2025
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-58195) , Aug 29, 2025
WP Bulk Delete (CVE-2025-58192) , Aug 29, 2025