6 matches found
CVE-2025-9202
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-9202 ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation
The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcomenoticeimporthandler function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above...
PT-2025-33905 · Themegrill +1 · Themegrill-Demo-Importer +1
Name of the Vulnerable Software and Affected Versions: ColorMag versions prior to 4.0.20 Description: The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the welcome notice import handler function. This allows authenticated...
CVE-2021-39333
CVE-2021-39333 : The Hashthemes Demo Importer Plugin for WordPress (versions
PT-2021-22539 · Hasthemes · Hashthemes Demo Importer Plugin
Name of the Vulnerable Software and Affected Versions: Hashthemes Demo Importer Plugin versions 1.1.1 and earlier Description: The issue allows logged-in users to execute a function that truncates nearly all database tables and removes the contents of wp-content/uploads, due to several AJAX...