Vulnerabilities > Colorlib

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-49321 Missing Authorization vulnerability in Colorlib Simple Custom Post Order
Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through 2.5.7.
network
low complexity
colorlib CWE-862
4.3
2023-06-07 CVE-2020-36708 Code Injection vulnerability in multiple products
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4.
network
low complexity
machothemes colorlib cpothemes CWE-94
critical
9.8
2023-06-07 CVE-2020-36721 Missing Authorization vulnerability in multiple products
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation.
network
low complexity
machothemes colorlib cpothemes CWE-862
6.5
2023-04-16 CVE-2022-45849 Cross-site Scripting vulnerability in Colorlib Activello Theme
Auth.
network
low complexity
colorlib CWE-79
5.4
2023-04-13 CVE-2022-45358 Cross-site Scripting vulnerability in Colorlib Activello
Auth.
network
low complexity
colorlib CWE-79
5.4
2022-06-20 CVE-2022-1945 Cross-site Scripting vulnerability in Colorlib Coming Soon & Maintenance Mode
The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup).
network
low complexity
colorlib CWE-79
4.8