The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
References
Configurations
History
21 Nov 2024, 08:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237 - Issue Tracking | |
References | () https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve - Third Party Advisory |
26 Jan 2024, 18:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve - Third Party Advisory | |
References | () https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail= - Patch | |
References | () https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237 - Issue Tracking | |
CPE | cpe:2.3:a:themegrill:colormag:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-862 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
22 Jan 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-20 06:15
Updated : 2024-11-21 08:47
NVD link : CVE-2024-0679
Mitre link : CVE-2024-0679
CVE.ORG link : CVE-2024-0679
JSON object : View
Products Affected
themegrill
- colormag
CWE
CWE-862
Missing Authorization