WP Clinic
Log in Sign up

PLUGIN SECURITY

Is Redux Framework safe?

Known vulnerabilities, PHP compatibility and safer alternatives for the Redux Framework WordPress plugin — checked against WP Clinic's local security database.

Plugin details

  • Slug: redux-framework
  • Requires PHP: 7.4+
  • Max supported PHP (analyzed): 8.4

Known vulnerabilities

  • Redux Framework [redux-framework] < 4.2.13 [CVE-2021-38312, Gutenberg Template Library & Redux Framework <= 4.2.1 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion, Gutenberg Template Library &amp; Redux Framework &lt; 4.2.13 - Contributor+ Arbitrary Plugin Installation and Post Deletion]
  • Redux Framework [redux-framework] < 4.2.13 [CVE-2021-38314, WordPress Redux Framework plugin <= 4.2.11 - Incorrect Authorization Leading to Arbitrary Plugin Installation and Post Deletion vulnerability, WordPress Redux Framework plugin <= 4.2.11 - Sensitive Information Disclosure vulnerability, Gutenberg Template Library & Redux Framework <= 4.2.11 - Missing Authorization to Sensitive Information Disclosure, Gutenberg Template Library &amp; Redux Framework &lt; 4.2.13 - Unauthenticated Sensitive Information Disclosure]
  • Redux Framework [redux-framework] < 4.1.21 [WordPress Redux plugin <= 4.1.20 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability]
  • Redux Framework [redux-framework] >= 4.1.22 - <= 4.1.23 [WordPress Redux Framework <= 4.1.23 - Cross-Site Request Forgery (CSRF) Nonce Validation Bypass vulnerability]
  • Redux Framework [redux-framework] < 4.1.21 [WordPress Redux Framework plugin <= 4.1.20 - CSRF Nonce Validation Bypass vulnerability]
+ 6 more known vulnerabilities
  • Redux Framework [redux-framework] < 4.1.24 [Gutenberg Template Library & Redux Framework <= 4.1.23 - Cross-Site Request Forgery]
  • Redux Framework [redux-framework] < 4.1.21 [Gutenberg Template and Pattern Library & Redux Framework <= 4.1.20 - Cross-Site Request Forgery]
  • Redux Framework [redux-framework] < 4.1.21 [Redux Framework &lt; 4.1.21 - CSRF Nonce Validation Bypass]
  • Redux Framework [redux-framework] < 4.1.24 [Redux Framework 4.1.22 - 4.1.23 - CSRF Nonce Validation Bypass]
  • Redux Framework [redux-framework] < 4.4.18 [CVE-2024-6828, Redux Framework 4.4.12 - 4.4.17 - Unauthenticated JSON File Upload to Stored Cross-Site Scripting, WordPress Redux Framework Plugin <= 4.4.17 is vulnerable to Cross Site Scripting (XSS)]
  • Redux Framework [redux-framework] < 4.5.9 [Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter, Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter, EUVD-2025-203202]

Vulnerabilities are matched against the exact installed version when it's known. Always keep the plugin updated to the latest release.

Safer / more established alternatives

Check your own WordPress site

Run a free passive scan now, or create a free account and install the WP Clinic plugin for a deep scan of your whole hosting account and AI-assisted repair.