CVE-2024-0679

MEDIUM

ColorMag <3.1.2 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0679. PoCs published by RandomRobbieBF.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2024-0679, which leverages a missing capability check in the ColorMag WordPress theme to allow authenticated users (subscriber+) to install and activate arbitrary plugins. The exploit automates login, nonce extraction, and plugin installation via the WordPress REST API.

Description

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

Exploits (1)

nomisec WORKING POC 2 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-0679

This repository contains a functional Python exploit for CVE-2024-0679, which leverages a missing capability check in the ColorMag WordPress theme to allow authenticated users (subscriber+) to install and activate arbitrary plugins. The exploit automates login, nonce extraction, and plugin installation via the WordPress REST API.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: ColorMag WordPress theme <= 3.1.2
Auth required
Prerequisites: Valid WordPress credentials (subscriber+) · Target site running ColorMag theme <= 3.1.2
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 6.5
EPSS 0.0130
EPSS Percentile 66.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
themegrill/colormag < 3.1.2
themegrill/ColorMag < 3.1.2
Published Jan 20, 2024
Tracked Since Feb 18, 2026