Cyber Resilience

CVE-2024-12036

Severity: High
Published: 07 March 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0018 (39.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-12036 is a high-severity External Control of File Name or Path (CWE-73) vulnerability in Themeforest (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 39.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-12036 is an arbitrary file read vulnerability in the CS Framework plugin for WordPress, affecting all versions up to and including 6.9. The issue stems from the get_widget_settings_json() function, which allows attackers to access the contents of arbitrary files on the server. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-73 (External Control of File Name or Path). The vulnerability was published on 2025-03-07.

Authenticated attackers with subscriber-level access or higher can exploit this vulnerability remotely over the network with low complexity. By leveraging the flawed function, they can read sensitive files on the server, potentially exposing configuration data, credentials, or other confidential information without impacting integrity or availability.

Advisories from Wordfence (https://www.wordfence.com/threat-intel/vulnerabilities/id/5ed1978e-1dd7-45d3-829a-1a75c1789827?source=cve) and the JobCareer theme page on ThemeForest (https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636), which integrates the CS Framework, provide additional details on the issue. Security practitioners should review these for patch availability and mitigation guidance, such as updating the plugin or restricting subscriber access.

Vulnerability details

The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
- T1552.001 Credentials In Files (Credential Access): Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

The arbitrary file read vulnerability directly enables collection of data from the local system (T1005) and specifically facilitates access to unsecured credentials stored in files such as configuration files (T1552.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2025-53912 (shared CWE-73)
- CVE-2019-25472 (shared CWE-73)
- CVE-2026-48920 (shared CWE-73)
- CVE-2025-0211 (shared CWE-73)
- CVE-2026-33354 (shared CWE-73)
- CVE-2026-5210 (shared CWE-73)
- CVE-2026-8043 (shared CWE-73)
- CVE-2026-43891 (shared CWE-73)
- CVE-2025-68428 (shared CWE-73)
- CVE-2026-29611 (shared CWE-73)

Affected Assets

Themeforest (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI)

- Prevent: Remediating the flaw in the CS Framework plugin's get_widget_settings_json() function directly prevents arbitrary file reads by applying patches available post-version 6.9.
- Prevent: Validating inputs to the get_widget_settings_json() function prevents external control of file paths (CWE-73), blocking path traversal for arbitrary file reads.
- Prevent: Enforcing access controls ensures authenticated subscriber-level users cannot bypass restrictions to read arbitrary sensitive files on the server.
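Added example, not the CS Framework plugin's code and not a fix from that project: a hypothetical hardened WordPress handler showing the two controls listed above, a capability check (AC-3) and file-name validation with canonical-path containment (SI-10). The function name, the `manage_options` capability requirement and the `settings` directory under the plugin folder are assumptions.

```php
<?php
// Hypothetical hardened handler (added example, not the plugin's own code).
// Confines a settings-file read to one directory and refuses low-privilege users.

// SI-10 helper: true only when $candidate canonicalises to a file inside $base.
// realpath() resolves "..", "." and symlinks, so traversal sequences and links
// that escape the directory both fail the prefix test.
function cs_example_path_within( string $base, string $candidate ): bool {
    $real_base = realpath( $base );
    $real_path = realpath( $candidate );
    if ( false === $real_base || false === $real_path ) {
        return false; // base missing or target does not exist
    }
    return 0 === strpos( $real_path, $real_base . DIRECTORY_SEPARATOR );
}

function cs_example_widget_settings_json( string $requested ): string {
    // AC-3: subscriber-level accounts do not hold manage_options, so they stop here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // wp_send_json_error() exits
    }

    // SI-10: accept a bare JSON file name only; no separators, no parent references.
    if ( ! preg_match( '/^[A-Za-z0-9_-]+\.json$/', $requested ) ) {
        wp_send_json_error( 'invalid file name', 400 );
    }

    // Assumed settings directory inside the plugin folder (hypothetical layout).
    $base = plugin_dir_path( __FILE__ ) . 'settings';
    $path = $base . DIRECTORY_SEPARATOR . $requested;

    // Defence in depth: even a name that passed the regex must resolve inside $base.
    if ( ! cs_example_path_within( $base, $path ) ) {
        wp_send_json_error( 'not found', 404 );
    }

    $contents = file_get_contents( $path );
    return false === $contents ? '' : $contents;
}
```

The regex alone would already block traversal; the containment check guards against later changes that loosen the name rule and against symlinks placed in the settings directory.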
