VulnTitan VulnTitan Security command center
Vulnerability Report
Plugin Medium Patch path listed

Gutenberg Template Library & Redux Framework <= 4.1.23 - Cross-Site Request Forgery

The Gutenberg Template Library & Redux Framework plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.23. This is due to incorrect nonce validation in the 'Redux AJAX Save' class. This makes it possible for unauthenticated attackers to update the plugin's settings granted they can trick a site administrator into performing an action such as clicking on a link.

Quick Answer

This vulnerability is a medium severity with CVSS 5.3 Cross-Site Request Forgery issue affecting the Plugin Redux Framework. It affects Versions before 4.1.24 and is fixed in 4.1.24.

Back to Feed View Plugin Hub
Published
Dec 15, 2020
Last Updated
Jan 22, 2024
Slug
redux-framework
Operational Summary

What the operator needs to know

Share Email
Patch Status
Patched release is available
Remediation
Update to version 4.1.24, or a newer patched version
Operator Briefing

the tracked vulnerability is tracked for the Plugin Redux Framework as medium severity with CVSS 5.3. The affected range is Versions before 4.1.24. Update Redux Framework to 4.1.24 or newer where that version is compatible with the site.

Issue Type
Cross-Site Request Forgery
Primary Fixed Version
4.1.24
Primary Affected Range
Versions before 4.1.24
Tracking ID
adebcf1c-bb22-4a25-b79b-b76eb3b3023f
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/adebcf1c-bb22-4a25-b79b-b76eb3b3023f?source=api-prod
Detailed Metadata
Software Type Plugin
Software Slug
redux-framework View on wordpress.org
CVE No linked CVE entry.
Patched Versions
4.1.24
Affected Versions
Versions before 4.1.24
Related CVE Cluster

Related CVEs for Redux Framework

These internal links group the same WordPress plugin by CVE, issue type, severity, and patch status so operators and search engines can connect the full vulnerability cluster.

High CVE-2024-6828 4.4.18 Jul 22, 2024
CVE-2024-6828 Redux Framework Remote Code Execution

Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting

High CVE-2021-38312 4.2.13 Sep 01, 2021
CVE-2021-38312 Redux Framework Vulnerability

Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion

Medium CVE-2025-9488 4.5.9 Dec 12, 2025
CVE-2025-9488 Redux Framework Stored Cross-Site Scripting

Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter

Medium CVE-2021-38314 4.2.13 Sep 01, 2021
CVE-2021-38314 Redux Framework Vulnerability

Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure

High 4.1.21 Nov 23, 2020
Redux Framework Cross-Site Request Forgery

Gutenberg Template and Pattern Library & Redux Framework <= 4.1.20 - Cross-Site Request Forgery

Licensing Notices

This record contains material that is subject to copyright

DEFIANT
Copyright 2012-2026 Defiant Inc.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more