{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9202", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-19T17:37:33.877Z", "datePublished": "2025-08-20T06:39:50.555Z", "dateUpdated": "2026-04-08T17:16:15.896Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:15.896Z"}, "affected": [{"vendor": "themegrill", "product": "ColorMag", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.19", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin."}], "title": "ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve"}, {"url": "https://research.cleantalk.org/CVE-2025-9202"}, {"url": "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-08-19T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-20T17:31:57.271710Z", "id": "CVE-2025-9202", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T17:32:33.927Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9202", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-20T17:31:57.271710Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-20T17:32:23.629Z"}}], "cna": {"title": "ColorMag <= 4.0.19 - Missing Authorization to Authenticated (Subscriber+) ThemeGrill Demo Importer Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themegrill", "product": "ColorMag", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.0.19"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-19T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve"}, {"url": "https://research.cleantalk.org/CVE-2025-9202"}, {"url": "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php"}], "descriptions": [{"lang": "en", "value": "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-08-20T06:39:50.555Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9202", "state": "PUBLISHED", "dateUpdated": "2025-08-20T17:32:33.927Z", "dateReserved": "2025-08-19T17:37:33.877Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-20T06:39:50.555Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ColorMag theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the welcome_notice_import_handler() function in all versions up to, and including, 4.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the ThemeGrill Demo Importer plugin."}, {"lang": "es", "value": "El tema ColorMag para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n welcome_notice_import_handler() en todas las versiones hasta la 4.0.19 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, instalen el plugin ThemeGrill Demo Importer."}], "id": "CVE-2025-9202", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-20T07:15:30.357", "references": [{"source": "security@wordfence.com", "url": "https://research.cleantalk.org/CVE-2025-9202"}, {"source": "security@wordfence.com", "url": "https://themes.trac.wordpress.org/changeset/283558/colormag/4.0.20/inc/admin/class-colormag-welcome-notice.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1922b16-e76c-4ee6-83ad-77970c8c25c0?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:59:32.573130+00:00", "value": {"mitigation_remediation": ["Upgrade ColorMag to version 4.0.20 or later, where the missing capability check has been corrected.", "If an upgrade cannot be performed immediately, deactivate or uninstall the ThemeGrill Demo Importer plugin from the WordPress installation to prevent its use.", "Revoke the \"activate_plugins\" capability from Subscriber and lower roles to stop those users from installing plugins permanently."], "summary": {"action": "Patch", "impact": "Unauthorized Plugin Installation"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the ColorMag theme version 4.0.19 or earlier are affected. Any user granted Subscriber-level access or higher who can log in to the site can trigger the flaw.", "description_and_impact": "The ColorMag WordPress theme contains a flaw where the welcome_notice_import_handler() function lacks a capability check. This omission allows any authenticated user with the Subscriber role or higher to invoke the function and install the ThemeGrill Demo Importer plugin without further authorization. The flaw does not grant elevated privileges beyond the user\u2019s existing role, but the unauthorized installation of a plugin can lead to the execution of arbitrary code if a malicious plugin is introduced, a scenario that is inferred from the nature of plugin installation and not explicitly stated in the CVE description.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate severity, and the EPSS score of less than 1% shows a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires only that an authenticated user be able to access the WordPress site; no additional network exposure or special privileges are needed. The attack vector is effectively internal, relying on a valid user account to trigger the unauthorized plugin installation."}}}}, "created": "2025-08-21T12:31:19.866805+00:00", "updated": "2026-04-20T22:00:11.242356+00:00", "vendors": ["themegrill", "themegrill$PRODUCT$colormag", "wordpress", "wordpress$PRODUCT$wordpress"]}