The CS Framework plugin for WordPress, developed by Chimpstudio, contains a critical vulnerability identified as CVE-2024-12036, categorized under CWE-73 (External Control of File Name or Path). This vulnerability arises from improper validation of file paths in the get_widget_settings_json() function, which is responsible for retrieving widget settings in JSON format. Authenticated attackers with subscriber-level privileges or higher can exploit this flaw to read arbitrary files on the web server by manipulating the file path parameter. Since WordPress subscriber roles are commonly assigned to registered users with minimal privileges, the attack surface is broad within many WordPress installations. The vulnerability affects all versions of the CS Framework plugin up to and including version 6.9. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector, low attack complexity, no privileges required beyond subscriber access, and no user interaction needed. The impact is primarily on confidentiality, as attackers can access sensitive server files such as configuration files, credentials, or other private data, potentially leading to further exploitation or data breaches. There is no impact on integrity or availability. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability's presence in a widely used WordPress plugin makes it a significant risk for websites relying on this framework for widget management.

This vulnerability can lead to unauthorized disclosure of sensitive information stored on the web server, including configuration files, database credentials, or other private data, which can be leveraged for further attacks such as privilege escalation, lateral movement, or data exfiltration. Since the attacker only needs subscriber-level access, which is commonly granted to registered users, the risk is elevated in environments with open or lightly controlled user registration. The breach of confidentiality can damage organizational reputation, lead to compliance violations, and result in financial losses. Although the vulnerability does not affect system integrity or availability directly, the information gained can facilitate more severe attacks. Organizations running WordPress sites with the CS Framework plugin are at risk, especially those hosting sensitive or regulated data. The lack of known exploits in the wild suggests limited active exploitation currently, but the ease of exploitation and high impact make it a critical issue to address promptly.

Organizations should immediately audit their WordPress installations to identify the presence of the CS Framework plugin and determine the version in use. Since no official patches are currently linked, administrators should consider the following mitigations: restrict subscriber-level user registrations to trusted individuals only; implement web application firewall (WAF) rules to detect and block suspicious requests targeting the get_widget_settings_json() function or unusual file path parameters; apply principle of least privilege by reviewing and minimizing user roles and permissions; monitor server logs for anomalous file access patterns indicative of exploitation attempts; consider temporarily disabling or removing the CS Framework plugin until a security patch is released; and keep abreast of vendor updates or security advisories for official fixes. Additionally, employing file integrity monitoring and regular backups can help detect and recover from potential breaches stemming from this vulnerability.