cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for colibri-wp

Jun 10, 2024

Colibri WP # CVE-2024-33686

CVE, Research URL

CVE-2024-33686

Application

Colibri WP

Date
Apr 29, 2024
Research Description
Missing Authorization vulnerability in Extend Themes Pathway, Extend Themes Hugo WP, Extend Themes Althea WP, Extend Themes Elevate WP, Extend Themes Brite, Extend Themes Colibri WP, Extend Themes Vertice. This issue affects Pathway: from n/a through 1.0.15; Hugo WP: from n/a through 1.0.8; Althea WP: from n/a through 1.0.13; Elevate WP: from n/a through 1.0.15; Brite: from n/a through 1.0.11; Colibri WP: from n/a through 1.0.94; Vertice: from n/a through 1.0.7.
Affected versions
Min -, max -.
Status
vulnerable

Colibri WP # CVE-2024-1360

CVE, Research URL

CVE-2024-1360

Application

Colibri WP

Date
Feb 23, 2024
Research Description
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max -.
Status
vulnerable