2 matches found
CVE-2024-2500
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authentciated attackers, with contributor-level access and...
CVE-2024-2500
CVE-2024-2500 affects ColorMag WordPress theme up to v3.1.6, where a Stored Cross-Site Scripting (XSS) flaw arises from a user's Display Name due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access at Contributor level or higher and can allow in...