cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-36708,https://securityvulnerability.io/vulnerability/CVE-2020-36708,Function Injection Vulnerability in Popular WordPress Themes,"An unauthenticated function injection vulnerability exists in multiple WordPress themes due to the epsilon_framework_ajax_action, allowing attackers to invoke sensitive functions and potentially achieve remote code execution. This affects versions of popular themes such as Shapely, NewsMag, and Activello, among others. It is crucial for users of these themes to apply updates to safeguard against unauthorized access and exploitation.",Wordpress,"Allegiant,Naturemag Lite,Newsmag,Shapely,Bonkers,Regina Lite,Transcend,Sparkling,Newspaper X,Antreas,Affluent,Brilliance,Activello,Illdy,Medzone Lite,Pixova Lite",9.8,CRITICAL,0.04871999844908714,false,,false,false,false,,false,false,2023-06-07T01:51:22.525Z,0
CVE-2022-3477,https://securityvulnerability.io/vulnerability/CVE-2022-3477,tagDiv Composer < 3.5 - Unauthenticated Account Takeover,"The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address",Wordpress,"Tagdiv Composer,Newspaper,Newsmag",9.8,CRITICAL,0.003700000001117587,false,,false,false,false,,false,false,2022-11-14T00:00:00.000Z,0
CVE-2021-24304,https://securityvulnerability.io/vulnerability/CVE-2021-24304,Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS),"The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.",Wordpress,Newsmag,6.1,MEDIUM,0.0009299999801442027,false,,false,false,false,,false,false,2021-08-09T10:04:04.000Z,0