Silkalns Activello vulnerabilities
4 known vulnerabilities affecting silkalns/activello.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-36708P1CRITICALCVSS 9.8ExploitedPoC≤ 1.4.02023-06-07
CVE-2020-36708 [CRITICAL] CWE-94 CVE-2020-36708: The following themes for WordPress are vulnerable to Function Injections in versions up to and inclu
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonk
nvd
CVE-2020-36721P3MEDIUMCVSS 6.5≤ 1.4.02023-06-07
CVE-2020-36721 [MEDIUM] CWE-284 CVE-2020-36721: The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulne
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes
nvd
CVE-2022-45849P4MEDIUMCVSS 5.4≥ n/a, ≤ 1.4.42023-04-16
CVE-2022-45849 [MEDIUM] CWE-79 CVE-2022-45849: Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
nvd
CVE-2022-45358P4MEDIUMCVSS 5.4≥ n/a, ≤ 1.4.42023-04-13
CVE-2022-45358 [MEDIUM] CWE-79 CVE-2022-45358: Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions.
nvd