News Security

$2,751 Bounty Award: Avada WordPress Theme Vulnerability Patched

Recent developments have brought to light a critical security vulnerability found in the Avada WordPress theme. This post aims to relay pertinent information regarding the vulnerability, its discovery, responsible disclosure, and subsequent patching.

On February 6th, 2024, a submission unveiled an Arbitrary File Upload vulnerability in Avada, a widely utilized WordPress theme. The vulnerability, designated as CVE-2024-1468 and affecting versions up to 7.11.4, permitted authenticated attackers with contributor-level permissions or higher to upload arbitrary files onto servers, potentially resulting in remote code execution.

Responsible Disclosure and Patching

The discovery of the vulnerability was credited to Muhammad Zeeshan (Xib3rR4dAr), who responsibly reported it through a Bug Bounty Program. For their diligence, Zeeshan received a bounty of $2,751.00. Subsequently, ThemeFusion, the developer of Avada, swiftly responded to the disclosure by releasing a patch on February 12, 2024. The collaboration between the researcher and the developer facilitated the expedient mitigation of this critical security flaw.

Technical Analysis

An analysis revealed that the vulnerability stemmed from inadequate file type validation in the Avada theme’s page options import functionality. Despite a nonce check in the ajax_import_options() function, there was no restriction on file extensions, enabling attackers to upload malicious PHP files. Although the uploaded files were promptly deleted, attackers could exploit a race condition by continuously uploading files, potentially achieving remote code execution.

The release of Avada version 7.11.5 addressed this vulnerability, providing users with enhanced security. Users of the Avada WordPress theme are urged to update to the latest patched version immediately to safeguard their websites against potential exploits. The commitment to securing the WordPress ecosystem and the broader web remains a priority, as exemplified by Bug Bounty Programs and collaborative efforts with researchers like Muhammad Zeeshan, as observed in the disclosure facilitated through Wordfence.

To top

Discover more from ToolsLib Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading