CVE-2023-25447: WordPress ColorWay theme <= 4.2.3 - CSRF Leading to Arbitrary Plugin Activation - Patchstack

Solution

No fix

No patched version available.

Dave Jong (Patchstack) discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress ColorWay Theme. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

Other vulnerabilities in this theme

1 present

1 patched

View all

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more