cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forcolormag colormag

Direction: ascending
Jun 10, 2024

ColorMag # CVE-2024-2500

CVE, Research URL

CVE-2024-2500

Home page URL

Security reports for ColorMag

Application

ColorMag

Date
Mar 22, 2024
Research Description
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable

ColorMag # CVE-2024-0679

CVE, Research URL

CVE-2024-0679

Home page URL

Security reports for ColorMag

Application

ColorMag

Date
Jan 20, 2024
Research Description
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
Affected versions
Min -, max -.
Status
vulnerable
Jun 11, 2024

ColorMag # e2f429cd9dc53e7801fbc143441fc6fb2af47c10

CVE, Research URL

e2f429cd9dc53e7801fbc143441fc6fb2af47c10

Home page URL

Security reports for ColorMag

Application

ColorMag

Date
Jan 19, 2024
Research Description
ColorMag [colormag] < 3.1.3 ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
Affected versions
Min -, max -.
Status
vulnerable
Aug 22, 2025

ColorMag # CVE-2025-9202

CVE, Research URL

CVE-2025-9202

Home page URL

Security reports for ColorMag

Application

ColorMag

Date
Aug 20, 2025
Research Description
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin.
Affected versions
Min -, max -.
Status
vulnerable