Vulnerability Details : CVE-2020-36721
Potential exploit
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.
Vulnerability category: BypassGain privilege
Products affected by CVE-2020-36721
- cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:machothemes:regina_lite:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:machothemes:naturemag_lite:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:machothemes:antreas:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:machothemes:medzone_lite:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:bonkers:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:pixova_lite:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:newspaper_x:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:illdy:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:colorlib:shapely:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cpothemes:affluent:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cpothemes:transcend:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cpothemes:brilliance:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:cpothemes:allegiant:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-36721
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-36721
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
3.9
|
2.5
|
NIST | |
|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
3.9
|
2.5
|
Wordfence |
CWE ids for CVE-2020-36721
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: security@wordfence.com (Secondary)
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-36721
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve
Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/DeactivationThird Party Advisory
-
https://wordpress.org/themes/activello/
Activello - WordPress theme | WordPress.orgProduct
-
https://wordpress.org/themes/newspaper-x/
Newspaper X - WordPress theme | WordPress.orgProduct
-
https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/
Unauthenticated function injection vulnerability fixed in 15 WordPress themes. – NinTechNetExploit;Third Party Advisory
-
https://wordpress.org/themes/brilliance/
Brilliance - WordPress theme | WordPress.orgProduct
Jump to