Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in Colibri WP 1.0.94

  • Severity: medium-risk
  • Status: Fixed
  • Publication: April 26, 2024

The ColibriWP Theme framework, which is used by many WordPress themes, has a security issue that allows people to change data without permission. This is because there is no check in place to make sure the ‘activate_plugin’ action is authorized. As a result, people who are logged in and have at least subscriber-level access can activate any plugin they want.

Detected in:

Althea WP fixed vulnerable versions: >= * <= 1.0.13
Brite fixed vulnerable versions: >= * <= 1.0.11
Calliope fixed vulnerable versions: >= * <= 1.0.33
Colibri WP fixed vulnerable versions: >= * <= 1.0.94
Elevate WP fixed vulnerable versions: >= * <= 1.0.15
Hugo WP fixed vulnerable versions: >= * <= 1.0.8
Pathway fixed vulnerable versions: >= * <= 1.0.15
Teluro fixed vulnerable versions: >= * <= 1.0.31
Vertice fixed vulnerable versions: >= * <= 1.0.7

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.