cleantalk
Vulnerabilities and Security Researches

ColorMag, e2f429cd9dc53e7801fbc143441fc6fb2af47c10

CVE, Research URL

e2f429cd9dc53e7801fbc143441fc6fb2af47c10

Home page URL

Security reports for ColorMag

Application

ColorMag

Published on
Jan 19, 2024
Research Description
ColorMag [colormag] < 3.1.3 ColorMag <= 3.1.2 - Missing Authorization to Arbitrary Plugin Installation The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
ColorMag (CVE-2024-2500) , Jun 10, 2024
ColorMag (e2f429cd9dc53e7801fbc143441fc6fb2af47c10) , Jun 11, 2024
ColorMag (CVE-2025-9202) , Aug 22, 2025
ColorMag (CVE-2024-0679) , Jun 10, 2024
New vulnerability
WPPizza &#8211; A Restaurant Plugin (CVE-2025-57894) , Aug 23, 2025
ShortcodeHub &#8211; MultiPurpose Shortcode Builder (CVE-2025-7957) , Aug 23, 2025
Simple Login Log (CVE-2025-49438) , Aug 23, 2025
SensorPress (CVE-2025-49409) , Aug 23, 2025
Notice Bar (CVE-2025-49389) , Aug 23, 2025