cleantalk
Vulnerabilities and Security Researches

ColorMag, CVE-2024-2500

CVE, Research URL

CVE-2024-2500

Home page URL

Security reports for ColorMag

Application

ColorMag

Published on
Mar 22, 2024
Research Description
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.1.7.
Status
vulnerable
Previous vulnerability researches
ColorMag (CVE-2024-2500) , Jun 10, 2024
ColorMag (e2f429cd9dc53e7801fbc143441fc6fb2af47c10) , Jun 11, 2024
ColorMag (CVE-2025-9202) , Aug 22, 2025
ColorMag (CVE-2024-0679) , Jun 10, 2024
New vulnerability
Popup for CF7 with Sweet Alert (CVE-2025-48363) , Aug 23, 2025
WPPizza – A Restaurant Plugin (CVE-2025-57894) , Aug 23, 2025
ShortcodeHub – MultiPurpose Shortcode Builder (CVE-2025-7957) , Aug 23, 2025
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025