CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

May 2, 2025

CVE ID : CVE-2024-13418

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files that can make remote code execution possible. This issue was escalated to Envato over two months from the date of this disclosure and the issue, while partially patched, is still vulnerable.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13419 – WordPress Smart Framework Stored Cross-Site Scripting

Next Article CVE-2024-13344 – WooCommerce Advance Seat Reservation SQL Injection

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

CVE-2025-23121 Remote Code Execution in Veeam

Expo in 2025: Unlocking Production-Ready Power for Scalable React Native Apps

CVE-2025-4141 – Netgear EX6200 Remote Buffer Overflow Vulnerability

A Quick Guide to Escaping PHP Data in WordPress

Dutch Espionage Law Update 2025: Cyber Offenses Now Punishable by Up to 12 Years

Top Factors to Consider When Choosing the Right AI Service Provider🤖

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

The ethics of advanced AI assistants

CVE-2025-5147 – Netcore NBR1005GPEV2, NBR200V2, B6V2 Command Injection Vulnerability

CVE-2024-13418 – WordPress Theme/Plugin Arbitrary File Upload Vulnerability

Related Posts