CVE-2024-13420: CWE-94 Improper Control of Generation of Code ('Code Injection') in G5Theme Benaa Framework
Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset and modify some of the plugin/theme settings. This issue was escalated to Envato over two months from the date of this disclosure and the issues, while partially patched, are still vulnerable.
AI Analysis
Technical Summary
CVE-2024-13420 is a vulnerability classified as CWE-94 (Improper Control of Generation of Code or Code Injection) affecting the G5Theme Benaa Framework used in multiple WordPress plugins and themes. The root cause is missing capability checks on several AJAX actions such as 'gsf_reset_section_options' and 'gsf_create_preset_options'. This allows authenticated attackers with low privilege (Subscriber-level) to reset and modify certain plugin or theme settings, potentially leading to unauthorized configuration changes. The vulnerability has been partially addressed by the vendor after escalation but remains partially unpatched as of the latest disclosure.
Potential Impact
The vulnerability allows authenticated users with minimal privileges to modify plugin or theme settings without proper authorization, impacting the integrity of the affected WordPress installations. There is no direct confidentiality or availability impact reported. No known exploits in the wild have been documented.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the issue is partially patched but still vulnerable, users should monitor for official updates from G5Theme or Envato. Until a full fix is available, restrict user roles to trusted individuals and limit Subscriber-level access where possible to reduce risk.
CVE-2024-13420: CWE-94 Improper Control of Generation of Code ('Code Injection') in G5Theme Benaa Framework
Description
Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset and modify some of the plugin/theme settings. This issue was escalated to Envato over two months from the date of this disclosure and the issues, while partially patched, are still vulnerable.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-13420 is a vulnerability classified as CWE-94 (Improper Control of Generation of Code or Code Injection) affecting the G5Theme Benaa Framework used in multiple WordPress plugins and themes. The root cause is missing capability checks on several AJAX actions such as 'gsf_reset_section_options' and 'gsf_create_preset_options'. This allows authenticated attackers with low privilege (Subscriber-level) to reset and modify certain plugin or theme settings, potentially leading to unauthorized configuration changes. The vulnerability has been partially addressed by the vendor after escalation but remains partially unpatched as of the latest disclosure.
Potential Impact
The vulnerability allows authenticated users with minimal privileges to modify plugin or theme settings without proper authorization, impacting the integrity of the affected WordPress installations. There is no direct confidentiality or availability impact reported. No known exploits in the wild have been documented.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the issue is partially patched but still vulnerable, users should monitor for official updates from G5Theme or Envato. Until a full fix is available, restrict user roles to trusted individuals and limit Subscriber-level access where possible to reduce risk.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-01-15T18:34:34.794Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9838c4522896dcbec0bb
Added to database: 5/21/2025, 9:09:12 AM
Last enriched: 4/9/2026, 1:03:55 PM
Last updated: 5/10/2026, 1:43:55 PM
Views: 75
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.