Wpvulndb WPVDB-ID: D1F40DB4-F049-48A7-BCC4-CF0343CCAD95
Jan 24, 2024 - 12:00 a.m.

ColorMag < 3.1.3 - Missing Authorization to Arbitrary Plugin Installation

wpscan.com
vulnerable
unauthorized access
capability check
plugin installation
authenticated attackers
subscriber-level access

AI Score: 6.9 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 21.1%)

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, allowing authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
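The class of fix the description implies, as an added example that is not ColorMag's own code: a WordPress AJAX handler that verifies a nonce and the caller's capabilities before touching plugins. The hook name, nonce action, POST field names and allow-list entry are hypothetical, and the sketch covers activation of an already-installed plugin only.

```php
<?php
// Added illustration. The hook name, nonce action, POST fields and allow-list
// below are hypothetical and are not taken from ColorMag's source code.

// wp_ajax_{action} hooks fire for ANY logged-in user, subscribers included.
// WordPress only authenticates here; authorization is the handler's job.
add_action( 'wp_ajax_example_plugin_action', 'example_plugin_action_callback' );

function example_plugin_action_callback() {
	// 1. CSRF: stop unless the request carries a valid nonce (dies with 403).
	check_ajax_referer( 'example_plugin_action_nonce', 'security' );

	// 2. Authorization: the capability check the advisory reports as missing.
	if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
	}

	// 3. Extra hardening (assumption): only act on plugins the theme ships a
	//    recommendation for, so the caller cannot name an arbitrary one.
	$allowed = array(
		'example-companion' => 'example-companion/example-companion.php',
	);
	$slug = isset( $_POST['slug'] ) ? sanitize_key( wp_unslash( $_POST['slug'] ) ) : '';
	if ( ! isset( $allowed[ $slug ] ) ) {
		wp_send_json_error( array( 'message' => 'Plugin not allowed.' ), 400 );
	}

	// 4. Activate the already-installed plugin; activate_plugin() returns a
	//    WP_Error on failure and null on success.
	$result = activate_plugin( $allowed[ $slug ] );
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
	}

	wp_send_json_success( array( 'activated' => $slug ) );
}
```

When auditing a theme or plugin for this bug class, every `wp_ajax_` callback that changes site state should contain both a nonce check and a `current_user_can()` call before any privileged action.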

CPE    Name    Operator    Version
-      -       eq          3.1.3
