Bug 2259509 (CVE-2024-0679)

Summary: CVE-2024-0679 wordpress: vulnerable to unauthorized access due to a missing capability check
Product: [Other] Security Response Reporter: Rohit Keshri <rkeshri>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2259510, 2259511    
Bug Blocks:    

Description Rohit Keshri 2024-01-22 07:03:39 UTC 
The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.

https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve
Comment 1 Rohit Keshri 2024-01-22 07:04:10 UTC 
Created wordpress tracking bugs for this issue:

Affects: epel-all [bug 2259510]
Affects: fedora-all [bug 2259511]