PT-2025-18754 · WordPress · Wordpress
Lucio Sá · Published 2025-05-02 · Updated 2025-05-02 · CVE-2024-13420
CVSS v3.1: 4.3 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WordPress plugins and themes (affected versions not specified)
Description
The issue concerns multiple plugins and/or themes for WordPress that are vulnerable to unauthorized access due to a missing capability check on several AJAX actions, such as gsf_reset_section_options and gsf_create_preset_options. Because these handlers do not verify the caller's capabilities, authenticated attackers with Subscriber-level access and above can reset and modify some plugin/theme settings. The problem was reported to Envato over two months ago, and although partial patches have been released, the issues remain unpatched.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
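The root cause named in the description is a WordPress AJAX handler that anyone who can log in may reach, because wp_ajax_* hooks are available to every authenticated user and the handler itself performs no capability check. The following is an added illustration, not code from the affected plugins or themes: it shows a hypothetical handler for the gsf_reset_section_options action named above, first in the vulnerable shape and then with the nonce and capability checks that close the hole. The option name, nonce name and request parameter are assumptions.

```php
<?php
// Added example (not the vulnerable plugin's code). The action name comes from the
// advisory; the option prefix 'gsf_section_', the nonce name and the 'section'
// POST parameter are hypothetical.

// BEFORE: every logged-in user (Subscriber and up) can POST to
// admin-ajax.php?action=gsf_reset_section_options, and nothing here asks
// whether that user may change settings. This is the missing capability check.
function gsf_reset_section_options_vulnerable() {
    $section = sanitize_key( $_POST['section'] ?? '' );
    delete_option( 'gsf_section_' . $section ); // hypothetical option name
    wp_send_json_success( array( 'reset' => $section ) );
}
// Originally this would have been hooked as:
// add_action( 'wp_ajax_gsf_reset_section_options', 'gsf_reset_section_options_vulnerable' );

// AFTER: verify a nonce (blocks cross-site request forgery) and require a
// capability appropriate for changing plugin settings before touching any option.
function gsf_reset_section_options_fixed() {
    // Nonce name is hypothetical; it must match the one created with
    // wp_create_nonce() in the page that issues the request.
    // check_ajax_referer() terminates the request on a bad or missing nonce.
    check_ajax_referer( 'gsf_settings_nonce', 'nonce' );

    // manage_options is the capability for site settings; Subscribers lack it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    $section = sanitize_key( $_POST['section'] ?? '' );
    if ( '' === $section ) {
        wp_send_json_error( array( 'message' => 'Missing section' ), 400 );
    }

    delete_option( 'gsf_section_' . $section );
    wp_send_json_success( array( 'reset' => $section ) );
}
add_action( 'wp_ajax_gsf_reset_section_options', 'gsf_reset_section_options_fixed' );
```

A quick audit for this class of bug is to list every add_action( 'wp_ajax_...' ) callback in a plugin or theme and confirm that each one calls current_user_can() (or an equivalent capability check) and check_ajax_referer() before it reads or writes options; the nonce alone is not enough, since a Subscriber can obtain a valid nonce from any page the plugin renders for logged-in users.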
Missing Authorization
Code Injection
Related Identifiers
Affected Products
Wordpress