CVE-2020-36708

Epsilon Framework Themes (Various Versions) - Function Injection

CVSS 9.8 CRITICALEPSS 65.3%CWE-94

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

machothemes · Antreas machothemes · MedZone Lite machothemes · NatureMag Lite machothemes · NewsMag machothemes · Regina Lite silkalns · Activello silkalns · Bonkers silkalns · Illdy silkalns · Newspaper X silkalns · Pixova Lite silkalns · Shapely silkalns · Sparkling wpchill · Affluent wpchill · Allegiant wpchill · Brilliance wpchill · Transcend

public PoCs found — 1

githubgithub.com/b1g-b33f/CVE-2020-36708★ 2

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5 https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve