Privilege Escalation Vulnerability in Exertio Framework by WordPress
CVE-2024-13373

8.1HIGH

Key Information:

Vendor: WordPress
Status: Exertio Framework
Vendor: CVE Published:; 1 March 2025

What is CVE-2024-13373?

The Exertio Framework plugin for WordPress is susceptible to a vulnerability that allows an unauthenticated attacker to escalate privileges by exploiting the fl_forgot_pass_new() function. This flaw arises from inadequate validation of a user's identity during password updates, enabling attackers to reset passwords for any user account, including that of administrators. Consequently, this vulnerability can be leveraged to gain unauthorized access to sensitive accounts, posing a significant threat to the security of websites utilizing this plugin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Exertio Framework * <= 1.3.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/exertio-freelance-marketplac...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2025
Vulnerability Reserved
Jan 13, 2025

Credit

Friderika Baranyai

JSON

WordPress

What is CVE-2024-13373?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.