CVE-2024-13418 is a critical vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) found in the G5Theme Benaa Framework, which is integrated into multiple WordPress plugins and themes. The root cause is a missing capability check in the ajaxUploadFonts() function, which is responsible for handling font uploads via AJAX requests. This flaw allows any authenticated user with at least Subscriber-level privileges to upload arbitrary files, including potentially malicious scripts. Because WordPress Subscriber roles are typically low-privilege, this significantly lowers the attack barrier. Once an attacker uploads a malicious file, they can execute remote code on the server, leading to full site compromise. The vulnerability affects all versions of the Benaa Framework, indicating a systemic issue in the codebase. Despite being reported to Envato over two months before public disclosure, the patch is incomplete, leaving many sites vulnerable. The CVSS 3.1 score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates network exploitable, low attack complexity, requiring low privileges but no user interaction, with high impact on confidentiality, integrity, and availability. No known exploits have been observed in the wild yet, but the potential for damage is substantial given the widespread use of WordPress and the popularity of G5Theme products.

The impact of CVE-2024-13418 is severe for organizations using WordPress sites with the G5Theme Benaa Framework. Attackers with minimal privileges can upload arbitrary files, enabling remote code execution, which can lead to full site takeover. This compromises sensitive data confidentiality, allows unauthorized modifications (integrity), and can disrupt site availability through defacement or denial-of-service conditions. The vulnerability can be exploited to deploy backdoors, pivot to internal networks, or launch further attacks against users and connected systems. Given WordPress's extensive use globally, especially among small to medium businesses, bloggers, and e-commerce sites, the risk of widespread exploitation is high. The partial patch status increases the window of exposure, potentially allowing attackers to develop and deploy exploits. Organizations may face reputational damage, regulatory penalties, and operational disruptions if exploited.

To mitigate CVE-2024-13418, organizations should immediately audit their WordPress installations for the presence of the G5Theme Benaa Framework and any associated plugins or themes. Since the vulnerability affects all versions and the patch is incomplete, temporary mitigations include disabling or restricting access to the ajaxUploadFonts() AJAX endpoint via web application firewalls or server configuration to block unauthorized uploads. Implement strict role-based access controls to limit Subscriber-level accounts and monitor for unusual file upload activity. Regularly update all WordPress components and monitor vendor advisories for a complete patch release. Employ file integrity monitoring to detect unauthorized uploads and conduct security scans for web shells or malicious files. Consider isolating WordPress environments and applying least privilege principles to reduce attack surface. Finally, educate site administrators about the risk and signs of compromise to enable rapid incident response.