CVE-2024-13420 is a vulnerability classified under CWE-94 (Improper Control of Generation of Code) affecting the G5Theme Benaa Framework, which is integrated into multiple WordPress plugins and themes. The core issue arises from missing capability checks on several AJAX endpoints, including 'gsf_reset_section_options' and 'gsf_create_preset_options'. These AJAX actions are intended to allow authorized users to reset or create preset options within the theme or plugin settings. However, due to inadequate access control, any authenticated user with at least Subscriber-level privileges can invoke these actions to reset or modify configuration settings without proper authorization. This unauthorized modification can lead to integrity issues, potentially altering site behavior or appearance in unintended ways. The vulnerability is network exploitable (AV:N), requires low attack complexity (AC:L), and requires privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), and the impact affects integrity only (I:L), with no confidentiality or availability impact. The CVSS v3.1 base score is 4.3, indicating medium severity. The vulnerability was reported to Envato and partially patched, but some versions remain vulnerable, highlighting the need for thorough patch management. No public exploits have been observed in the wild to date. This vulnerability underscores the importance of enforcing strict capability checks on AJAX actions in WordPress themes and plugins to prevent unauthorized configuration changes by low-privileged users.

The primary impact of CVE-2024-13420 is on the integrity of WordPress sites using the G5Theme Benaa Framework. Unauthorized users with Subscriber-level access can reset or modify theme or plugin settings, potentially disrupting site functionality, appearance, or behavior. While this does not directly expose sensitive data or cause denial of service, unauthorized configuration changes can lead to degraded user experience, misconfiguration, or indirect security risks if malicious settings are applied. For organizations, this could result in reputational damage, increased support costs, and potential exploitation as a foothold for further attacks if combined with other vulnerabilities. Since the vulnerability requires authenticated access, the risk is higher in environments where subscriber accounts are easily created or compromised. The lack of a complete patch means organizations remain exposed until fully remediated. Overall, the impact is medium but can be significant in high-value or high-traffic WordPress deployments.

Organizations should immediately verify whether their WordPress installations use the G5Theme Benaa Framework or related plugins/themes and identify affected versions. They must apply any available patches or updates from the vendor promptly. If patches are not yet available or incomplete, administrators should restrict Subscriber-level user capabilities to the minimum necessary, potentially disabling or limiting access to AJAX actions related to resetting or creating preset options. Implementing Web Application Firewall (WAF) rules to monitor and block unauthorized AJAX requests targeting 'gsf_reset_section_options' and similar endpoints can provide temporary protection. Regularly audit user roles and permissions to prevent privilege escalation or unauthorized account creation. Additionally, monitoring logs for suspicious AJAX activity can help detect exploitation attempts. Engage with the vendor or Envato to track patch progress and apply updates as soon as they are released. Finally, consider isolating or sandboxing affected sites to limit potential damage.