Themes Vulnerabilities

ColorWay < 3.4.2 - Cross-Site Scripting (XSS)

Description

The ColorWay WordPress theme was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Themes

colorway
Fixed in 3.4.2

References

CVE
CVE-2016-10961
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_colorway_wordpress_theme.html
URL
https://seclists.org/fulldisclosure/2016/Jul/76

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
9afe1db6-3e6f-4e82-be09-755e83c561e1

Timeline

Publicly Published
2016-07-26 (about 9 years ago)
Added
2016-07-26 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-10-03
Title
Jeg Elementor Kit < 2.7.0 - Author+ Stored XSS
Published
2025-03-31
Title
Terms Before Download <= 1.0.5 - Contributor+ Stored XSS
Published
2021-11-22
Title
Icegram < 2.0.5 - Reflected Cross-Site Scripting
Published
2025-01-06
Title
Geo Content < 6.1 - Contributor+ Stored XSS
Published
2024-03-18
Title
MyCurator Content Curation < 3.77 - Reflected Cross-Site Scripting