CVE-2020-36708
07.06.2023, 02:15
The following WordPress themes are vulnerable to function injection in the versions listed: Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action, which makes it possible for unauthenticated attackers to call functions and achieve remote code execution.
Vendor | Product | Version |
---|---|---|
colorlib | activello | 𝑥 < 1.4.2 |
colorlib | bonkers | 𝑥 < 1.0.6 |
colorlib | illdy | 𝑥 < 2.1.7 |
colorlib | newspaper_x | 𝑥 < 1.3.2 |
colorlib | pixova_lite | 𝑥 < 2.0.7 |
colorlib | shapely | 𝑥 < 1.2.9 |
colorlib | sparklinkg | 𝑥 ≤ 2.4.8 |
cpothemes | affluent | 𝑥 < 1.1.2 |
cpothemes | allegiant | 𝑥 < 1.2.6 |
cpothemes | brilliance | 𝑥 < 1.3.0 |
cpothemes | transcend | 𝑥 < 1.2.0 |
machothemes | antreas | 𝑥 < 1.0.7 |
machothemes | medzone_lite | 𝑥 < 1.2.6 |
machothemes | naturemag_lite | 𝑥 ≤ 1.0.4 |
machothemes | newsmag | 𝑥 < 2.4.2 |
machothemes | regina_lite | 𝑥 < 2.0.6 |
𝑥 = Vulnerable software versions