Skip to main content

Medzone Lite

2 CVEs product

Monthly

CVE-2020-36721 MEDIUM POC This Month

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass Activello Bonkers +13
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-36708 CRITICAL POC THREAT Emergency

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.5%.

RCE Code Injection WordPress Activello Bonkers +14
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
90.5%
Threat
6.2
EPSS 0% CVSS 6.5
MEDIUM POC This Month

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP WordPress Authentication Bypass +15
NVD VulDB
EPSS 90% 6.2 CVSS 9.8
CRITICAL POC THREAT Emergency

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.5%.

RCE Code Injection WordPress +16
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy