Vulnerabilities > G5Plus > Benaa
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-02 | CVE-2024-13418 | Unrestricted Upload of File with Dangerous Type vulnerability in G5Plus products Multiple plugins and/or themes for WordPress are vulnerable to Arbitrary File Uploads due to a missing capability check on the ajaxUploadFonts() function in various versions. | 8.8 |
| 2025-05-02 | CVE-2024-13419 | Missing Authorization vulnerability in G5Plus products Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions() and importThemeOptions() functions in various versions. | 5.4 |
| 2025-05-02 | CVE-2024-13420 | Code Injection vulnerability in G5Plus products Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access due to a missing capability check on several AJAX actions like 'gsf_reset_section_options', 'gsf_reset_section_options', 'gsf_create_preset_options' and more in various versions. | 4.3 |