Lucene search

K
prionPRIOn knowledge basePRION:CVE-2024-0679
HistoryJan 20, 2024 - 6:15 a.m.

Design/Logic Flaw

2024-01-2006:15:00
PRIOn knowledge base
www.prio-n.com
7
colormag
wordpress
theme
vulnerability
unauthorized access
capability check
plugin installation
nvd

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.2%

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

CPENameOperatorVersion
colormagle3.1.2

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.2%