Colorlib Activello vulnerabilities
3 known vulnerabilities affecting colorlib/activello.
Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2020-36708 [CRITICAL] CWE-94, P1, CVSS 9.8, Exploited, PoC, fixed in 1.4.2, 2023-06-07
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonk
Source: NVD
CVE-2020-36721 [MEDIUM] CWE-284, P3, CVSS 6.5, fixed in 1.4.2, 2023-06-07
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes
Source: NVD
CVE-2022-45358 [MEDIUM] CWE-79, P4, CVSS 5.4, ≤ 1.4.4, 2023-04-13
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
Source: NVD