CVE-2020-36708

CRITICAL EXPLOITED NUCLEI

WordPress Themes - Function Injection

Title source: llm

Description

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.

Exploits (1)

nomisec WORKING POC 2 stars
by b1g-b33f · infoleak
https://github.com/b1g-b33f/CVE-2020-36708

Nuclei Templates (1)

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution
CRITICALVERIFIEDby madrobot

References (5)

Scores

CVSS v3 9.8
EPSS 0.9005
EPSS Percentile 99.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-06-07
CWE
CWE-94
Status published
Products (32)
colorlib/activello < 1.4.2
colorlib/bonkers < 1.0.6
colorlib/illdy < 2.1.7
colorlib/newspaper_x < 1.3.2
colorlib/pixova_lite < 2.0.7
colorlib/shapely < 1.2.9
colorlib/sparklinkg < 2.4.8
cpothemes/affluent < 1.1.2
cpothemes/allegiant < 1.2.6
cpothemes/brilliance < 1.3.0
... and 22 more
Published Jun 07, 2023
Tracked Since Feb 18, 2026