Cs Framework

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:chimpstudio:cs_framework:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorChimpstudio (c3314495-e456-52cc-9712-bd8543d1a332)
ProductCs Framework (3511d989-18b5-5e72-82d2-d442a5d1d4ce)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-12036 vulnerable 2026-06-08 06:23:51.039638 CS Framework <= 7.1 - Authenticated (Subscriber+) Arbitrary File Read
HIGH (7.5)
The CS Framework plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.9 via the get_widget_settings_json() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2025-03-07T08:21:25.162Z
Updated: 2026-04-08T16:56:14.679Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-12035 vulnerable 2026-06-08 06:23:51.039317 CS Framework <= 7.0 - Authenticated (Subscriber+) Arbitrary File Deletion
HIGH (8.8)
The CS Framework plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the cs_widget_file_delete() function in all versions up to, and including, 6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Published: 2025-03-07T08:21:21.608Z
Updated: 2026-04-08T16:44:59.411Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.