Primary

Context

ColorMag WordPress Theme Missing Authorization Vulnerability in Welcome Notice Import Handler

Vulnerability

Patched

A vulnerability exists in the ColorMag theme for WordPress, in all versions through 4.0.19, allowing unauthorized data modification. This issue arises from a missing capability check in the welcome_notice_import_handler() function. As a result, authenticated attackers with Subscriber-level access or higher can install the ThemeGrill Demo Importer plugin.

Impact

Exploitation of this vulnerability allows for unauthorized installation of the ThemeGrill Demo Importer plugin, which could be misused to import demo content or settings, potentially leading to further exploitation or disruption of the site.

Remediation

Users are advised to update the ColorMag theme to version 4.0.20 or later.

Added: Aug 20, 2025, 7:17 AM

Updated: Aug 20, 2025, 7:17 AM

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.4

impact

0.6

exploitability

6.1

remediation

7.7

relevance

0.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ColorMag WordPress Theme Missing Authorization Vulnerability in Welcome Notice Import Handler

Vulnerability

Impact

Remediation

Affected Products

ColorMag

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating