cleantalk
Vulnerabilities and Security Researches

ColorMag, CVE-2025-9202

CVE, Research URL

CVE-2025-9202

Home page URL

Security reports for ColorMag

Application

ColorMag

Published on
Aug 20, 2025
Research Description
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin.
Affected versions
Min -, max 4.0.20.
Status
vulnerable
Previous vulnerability researches
Jenga Payment Gateway for WooCommerce (CVE-2025-49432) , Aug 20, 2025
New vulnerability
Cloudflare Image Resizing – Optimize & Accelerate Your Images (CVE-2025-8723) , Aug 22, 2025
CubeWP – All-in-One Dynamic Content Framework (CVE-2025-54735) , Aug 22, 2025
WP Webhooks – Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-8895) , Aug 22, 2025
Laposta WooCommerce (CVE-2025-49434) , Aug 22, 2025
Themify Icons (CVE-2025-49395) , Aug 22, 2025