CVE-2020-36708

CRITICAL EXPLOITED NUCLEI

WordPress Themes - Function Injection

Title source: llm

Exploitation Summary

CVE-2020-36708 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including b1g-b33f. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2020-36708, a function injection vulnerability in the WordPress Epsilon Framework. The script leverages the `epsilon_framework_ajax_action` AJAX endpoint to invoke arbitrary PHP class methods, demonstrating SSRF via the `Requests` library.

Description

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.

Exploits (1)

nomisec WORKING POC 2 stars

by b1g-b33f · infoleak

https://github.com/b1g-b33f/CVE-2020-36708

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2020-36708, a function injection vulnerability in the WordPress Epsilon Framework. The script leverages the `epsilon_framework_ajax_action` AJAX endpoint to invoke arbitrary PHP class methods, demonstrating SSRF via the `Requests` library.

Classification

Working Poc 95%

Attack Type

Ssrf

Complexity

Trivial

Reliability

Reliable

Target: WordPress Epsilon Framework

No auth needed

Prerequisites: Target running vulnerable WordPress Epsilon Framework · Access to a collaborator/webhook domain for SSRF confirmation

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

CRITICALVERIFIEDby madrobot

References (5)

Core 5

Core References

Exploit, Third Party Advisory

https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/

Exploit, Third Party Advisory

https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/

Third Party Advisory

https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5

Third Party Advisory

https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve

Scores

CVSS v3 9.8

EPSS 0.6534

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2023-06-07

CWE

CWE-94

Status published

Products (32)

colorlib/activello < 1.4.2

colorlib/bonkers < 1.0.6

colorlib/illdy < 2.1.7

colorlib/newspaper_x < 1.3.2

colorlib/pixova_lite < 2.0.7

colorlib/shapely < 1.2.9

colorlib/sparklinkg < 2.4.8

cpothemes/affluent < 1.1.2

cpothemes/allegiant < 1.2.6

cpothemes/brilliance < 1.3.0

... and 22 more

Published Jun 07, 2023

Tracked Since Feb 18, 2026