cbcvebase.

Silkalns Activello vulnerabilities

4 known vulnerabilities affecting silkalns/activello.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2020-36708P1CRITICALCVSS 9.8ExploitedPoC≤ 1.4.02023-06-07
CVE-2020-36708 [CRITICAL] CWE-94 CVE-2020-36708: The following themes for WordPress are vulnerable to Function Injections in versions up to and inclu The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonk
nvd
CVE-2020-36721P3MEDIUMCVSS 6.5≤ 1.4.02023-06-07
CVE-2020-36721 [MEDIUM] CWE-284 CVE-2020-36721: The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulne The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes
nvd
CVE-2022-45849P4MEDIUMCVSS 5.4≥ n/a, ≤ 1.4.42023-04-16
CVE-2022-45849 [MEDIUM] CWE-79 CVE-2022-45849: Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme < Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
nvd
CVE-2022-45358P4MEDIUMCVSS 5.4≥ n/a, ≤ 1.4.42023-04-13
CVE-2022-45358 [MEDIUM] CWE-79 CVE-2022-45358: Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme < Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
nvd
Silkalns Activello vulnerabilities | cvebase