cleantalk
Vulnerabilities and Security Researches

Colibri WP, CVE-2024-1360

CVE, Research URL

CVE-2024-1360

Home page URL

Security reports for Colibri WP

Application

Colibri WP

Published on
Feb 23, 2024
Research Description
The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 1.0.101.
Status
vulnerable
Previous vulnerability researches
Colibri WP (CVE-2024-1360) , Jun 10, 2024
Colibri WP (CVE-2024-33686) , Jun 10, 2024
New vulnerability
Lottie Player block – Implement Lottie animations. (CVE-2025-2579) , Apr 26, 2025
360 Product Rotation (CVE-2024-13823) , Apr 26, 2025
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-39400) , Apr 26, 2025
License For Envato (CVE-2025-39399) , Apr 25, 2025
occupancyplan (CVE-2025-46450) , Apr 25, 2025