PT-2025-10055 · WordPress · Cs Framework

Tonn · Published 2025-03-07 · Updated 2025-03-08 · CVE-2024-12036

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CS Framework plugin for WordPress versions prior to 6.9

Description

The issue allows authenticated attackers with subscriber-level access and above to read the contents of arbitrary files on the server, potentially containing sensitive information, via the get_widget_settings_json() function.

Recommendations

For versions prior to 6.9, update to a version that includes a fix for this issue to prevent arbitrary file read. As a temporary workaround, consider restricting access to the get_widget_settings_json() function until a patch is available.

Fix

Weakness Enumeration

Related Identifiers

CVE-2024-12036

Affected Products

Cs Framework