Vulnerabilities > Colorlib
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-21 | CVE-2024-49321 | Missing Authorization vulnerability in Colorlib Simple Custom Post Order. Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7. | 4.3 |
2023-06-07 | CVE-2020-36708 | Code Injection vulnerability in multiple products. The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. | 9.8 |
2023-06-07 | CVE-2020-36721 | Missing Authorization vulnerability in multiple products. The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. | 6.5 |
2023-04-16 | CVE-2022-45849 | Cross-site Scripting vulnerability in Colorlib Activello Theme Auth. | 5.4 |
2023-04-13 | CVE-2022-45358 | Cross-site Scripting vulnerability in Colorlib Activello Auth. | 5.4 |
2022-06-20 | CVE-2022-1945 | Cross-site Scripting vulnerability in Colorlib Coming Soon & Maintenance Mode. The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup). | 4.8 |