Multiple Themes – Unauthenticated Function Injection | CVE 2020-36708

Description

Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions.

The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress repository.

Three of the themes, Brilliance, Activello and Newspaper X were also affected by an Unauthenticated Plugin Activation/Deactivation issue.

Affects Themes

shapely

Fixed in 1.2.9

newsmag

Fixed in 2.4.2

activello

Fixed in 1.4.2

illdy

Fixed in 2.1.7

Fixed in 1.2.6

Fixed in 1.3.2

Fixed in 2.0.7

Fixed in 1.3.0

Fixed in 1.2.6

Fixed in 2.0.6

Fixed in 1.2.0

Fixed in 1.1.2

bonkers

Fixed in 1.0.6

antreas

Fixed in 1.0.7

naturemag-lite

No known fix

sparkling

Fixed in 2.4.9

References

CVE

CVE-2020-36708

CVE

CVE-2020-36721

URL

https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/

URL

https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/

URL

https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/

Classification

Type

INJECTION

OWASP top 10

A1: Injection

CVSS

9.1 (critical)

Miscellaneous

Original Researcher

Jerome Bruandet (nintechnet)

Verified

WPVDB ID

bec52a5b-c892-4763-a962-05da7100eca5

Timeline

Publicly Published

2020-10-01 (about 3 years ago)

Added

2020-10-01 (about 3 years ago)

Last Updated

2023-06-08 (about 11 months ago)

Other

Published

Title

Published

2020-03-11

Title

Search Meter < 2.13.3 - CSV Injection

Published

2023-02-16

Title

WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection

Published

2020-03-04

Title

Appointment Booking Calendar < 1.3.35 - CSV Injection

Published

2023-10-09

Title

EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter

Published

2020-07-09

Title

Wise Chat < 2.8.4 - CSV Injection