{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:56:32.289","vulnerabilities":[{"cve":{"id":"CVE-2020-36708","sourceIdentifier":"security@wordfence.com","published":"2023-06-07T02:15:11.503","lastModified":"2026-04-08T18:17:08.347","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.4.2","matchCriteriaId":"20F70FFD-999C-4672-926C-F78D405E6ED5"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:bonkers:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.6","matchCriteriaId":"DE235C7C-524F-4F32-883D-115D0AF9E462"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:illdy:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.1.7","matchCriteriaId":"BDC1B168-E097-43C0-A8F5-43BA25834F55"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:newspaper_x:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.3.2","matchCriteriaId":"3FD10FA9-4FE5-430A-8FA2-8882D9ECB5F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:pixova_lite:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.0.7","matchCriteriaId":"6A44700A-58BA-40AB-9D71-1514B16E56F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:shapely:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.2.9","matchCriteriaId":"93F26484-75E0-4A08-9F37-5E4F5D8A3533"},{"vulnerable":true,"criteria":"cpe:2.3:a:colorlib:sparklinkg:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.4.8","matchCriteriaId":"FB8D1F2A-5747-4D04-AFFC-EA6C83AAE26C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpothemes:affluent:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.1.2","matchCriteriaId":"CB3BF51C-DD4E-4C00-A428-806E713C1341"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpothemes:allegiant:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.2.6","matchCriteriaId":"8408B788-263E-4894-B2D8-E91788520E7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpothemes:brilliance:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.3.0","matchCriteriaId":"EE397C03-FF9C-4BE2-B773-30ADB40AA417"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpothemes:transcend:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.2.0","matchCriteriaId":"ACF002FE-F3F5-4B2C-BE98-BAD745A0BA65"},{"vulnerable":true,"criteria":"cpe:2.3:a:machothemes:antreas:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.7","matchCriteriaId":"BFB5368B-FE3E-4A9C-A351-FBE3B67E856C"},{"vulnerable":true,"criteria":"cpe:2.3:a:machothemes:medzone_lite:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.2.6","matchCriteriaId":"998D7CCC-8F2C-4710-B556-FC0BFA81F992"},{"vulnerable":true,"criteria":"cpe:2.3:a:machothemes:naturemag_lite:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.0.4","matchCriteriaId":"49D15762-F26C-4387-83D4-253F64E4F864"},{"vulnerable":true,"criteria":"cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.4.2","matchCriteriaId":"54B7C2E2-A35D-4E32-BDC3-3DCD31871F1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:machothemes:regina_lite:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"2.0.6","matchCriteriaId":"B87758A3-D7A9-4635-88CA-436D00EFE4E4"}]}]}],"references":[{"url":"https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/","source":"security@wordfence.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]},{"url":"https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}