Browse all 3 CVE security advisories affecting colorlibplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Colorlibplugins develops WordPress plugins for website enhancement, with three documented CVEs primarily involving stored cross-site scripting (XSS) and remote code execution (RCE) vulnerabilities. Historically, these plugins have been susceptible to input validation flaws allowing attackers to execute arbitrary code or inject malicious scripts. Security assessments reveal consistent weaknesses in sanitization and permission handling, though no major public incidents have been reported beyond the disclosed CVEs. The plugin suite's widespread adoption increases potential attack surface, making proper input validation and access controls critical for mitigating risks associated with these vulnerabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-49321 | WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability — Simple Custom Post OrderCWE-862 | 4.3 | Medium | 2024-10-21 |
| CVE-2024-0662 | WordPress Plugin FancyBox for WordPress 安全漏洞 — FancyBox for WordPress | 4.4 | Medium | 2024-04-09 |
| CVE-2024-1473 | Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure — Coming Soon & Maintenance Mode by ColorlibCWE-284 | 5.3 | Medium | 2024-03-20 |
This page lists every published CVE security advisory associated with colorlibplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.