Platform
wordpress
Component
cs-framework
Fixed in
7.0.1
CVE-2024-12035 is an arbitrary file deletion vulnerability affecting the CS Framework plugin for WordPress. An authenticated attacker, possessing Subscriber-level access or higher, can leverage this flaw to delete files on the server due to inadequate file path validation. Successful exploitation can lead to remote code execution, particularly if critical configuration files like wp-config.php are targeted. This vulnerability impacts versions of the CS Framework plugin up to and including 6.9.
The primary impact of CVE-2024-12035 is the potential for remote code execution (RCE). By exploiting the insufficient file path validation in the cswidgetfile_delete() function, an attacker can delete any file the web server process has write access to. The most critical scenario involves deleting wp-config.php, which contains sensitive database credentials and other configuration details. Deletion of this file effectively disables the WordPress site and allows an attacker to potentially reconstruct it with malicious code. Beyond wp-config.php, other configuration files or even application code could be targeted, leading to complete system compromise. The blast radius extends to the entire WordPress installation and potentially any connected databases or services.
CVE-2024-12035 was published on 2025-03-07. The vulnerability's severity is rated as High (CVSS 8.8). Public proof-of-concept (POC) code is likely to emerge given the ease of exploitation and the potential for RCE. The vulnerability is not currently listed on KEV or EPSS, suggesting a low to medium probability of active exploitation at this time, but this could change rapidly. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS
1.66% (82% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-12035 is to upgrade the CS Framework plugin to a version that addresses the vulnerability. Check the WordPress plugin repository for the latest version. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider temporarily tightening file permissions on the server so that the web server process cannot write to (and therefore cannot delete) configuration files, which limits the potential impact. Implement a Web Application Firewall (WAF) rule to block requests that reach the cswidgetfile_delete() function, or any other potentially vulnerable endpoints within the plugin. Monitor WordPress and web server logs for suspicious file deletion activity. After upgrading, verify the fix by attempting to delete a non-critical file through the plugin's interface and confirming that the path validation now rejects the request.
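To make the "inadequate file path validation" point concrete, the following is an added example of a hardened deletion handler. It is not code from the CS Framework plugin and does not reproduce the vulnerable cswidgetfile_delete() function; the function name cs_safe_widget_file_delete(), the uploads subdirectory and the permission callback are assumptions. It shows the three checks a defender would expect before any unlink(): an authorization gate, a rejection of anything that is not a bare file name, and a realpath()-based containment check that keeps the resolved target inside one allowed directory.

```php
<?php
// Added example (not the plugin's code): a hardened file-deletion routine.
// In WordPress the $is_allowed callback would typically wrap
// check_ajax_referer() and current_user_can( 'manage_options' ), so that
// a Subscriber-level account never reaches the deletion path at all.

function cs_safe_widget_file_delete( string $requested, string $base_dir, callable $is_allowed ): bool {
    // 1. Authorization: deny before touching the file system.
    if ( ! $is_allowed() ) {
        return false;
    }

    // 2. Accept only a plain file name: no separators, no "..", no null bytes.
    if ( $requested === ''
        || $requested !== basename( $requested )
        || $requested === '.' || $requested === '..'
        || strpos( $requested, "\0" ) !== false ) {
        return false;
    }

    // 3. Resolve both sides and require the target to sit inside $base_dir.
    //    realpath() collapses "../" sequences and follows symlinks, so a
    //    symlink planted in the directory cannot redirect the delete outside it.
    $base   = realpath( $base_dir );
    $target = realpath( $base_dir . DIRECTORY_SEPARATOR . $requested );
    if ( $base === false || $target === false ) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ( strncmp( $target, $prefix, strlen( $prefix ) ) !== 0 ) {
        return false;
    }

    // 4. Delete regular files only; never directories or symlinks.
    if ( is_link( $base_dir . DIRECTORY_SEPARATOR . $requested ) || ! is_file( $target ) ) {
        return false;
    }

    return unlink( $target );
}

// Self-contained demonstration using a constructed temporary directory
// (assumption: the allowed directory is an uploads subfolder owned by the plugin).
$sandbox = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cs-widget-demo-' . bin2hex( random_bytes( 4 ) );
mkdir( $sandbox, 0700, true );
file_put_contents( $sandbox . '/widget.css', '/* constructed sample */' );
$admin_ok  = static fn (): bool => true;   // stands in for an authorized admin
$sub_ok    = static fn (): bool => false;  // stands in for a Subscriber

var_dump( cs_safe_widget_file_delete( '../wp-config.php', $sandbox, $admin_ok ) ); // bool(false): traversal rejected
var_dump( cs_safe_widget_file_delete( 'widget.css',       $sandbox, $sub_ok ) );   // bool(false): not authorized
var_dump( cs_safe_widget_file_delete( 'widget.css',       $sandbox, $admin_ok ) ); // bool(true): in-scope file removed

rmdir( $sandbox );
```

The containment check compares against `$base . DIRECTORY_SEPARATOR` rather than `$base` alone so that a sibling directory whose name merely starts with the base name (for example `uploads-old` beside `uploads`) is not accepted. When verifying an upgraded plugin as the mitigation paragraph suggests, the same three inputs (a traversal path, a low-privilege session, a legitimate in-scope file) are the cases worth exercising.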
Update the CS Framework plugin to a version later than 7.0. This will fix the arbitrary file deletion vulnerability. If no such version is available, consider disabling the plugin until an update is released.
It's an arbitrary file deletion vulnerability in the CS Framework WordPress plugin, allowing authenticated users to delete files on the server, potentially leading to remote code execution.
If you are using the CS Framework plugin in WordPress and running version 6.9 or earlier, you are potentially affected by this vulnerability.
Upgrade the CS Framework plugin to the latest available version to patch the vulnerability. If immediate upgrade isn't possible, implement temporary mitigation measures like WAF rules.
While not currently listed on KEV or EPSS, the ease of exploitation suggests a potential for active exploitation, so vigilance is advised.
Refer to the official WordPress plugin repository for updates and security advisories related to the CS Framework plugin and the CVE-2024-12035 vulnerability.