cleantalk
Vulnerabilities and Security Researches

ColorMag, CVE-2024-0679

CVE, Research URL

CVE-2024-0679

Home page URL

Security reports for ColorMag

Application

ColorMag

Published on
Jan 20, 2024
Research Description
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
ColorMag (CVE-2024-2500) , Jun 10, 2024
ColorMag (e2f429cd9dc53e7801fbc143441fc6fb2af47c10) , Jun 11, 2024
ColorMag (CVE-2025-9202) , Aug 22, 2025
ColorMag (CVE-2024-0679) , Jun 10, 2024
New vulnerability
Popup for CF7 with Sweet Alert (CVE-2025-48363) , Aug 23, 2025
WPPizza – A Restaurant Plugin (CVE-2025-57894) , Aug 23, 2025
ShortcodeHub – MultiPurpose Shortcode Builder (CVE-2025-7957) , Aug 23, 2025
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025