VYPR
Medium severity6.5NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36721

CVE-2020-36721

Description

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

18
  • cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*range: <1.4.2
    • (no CPE)range: <=1.4.0
  • cpe:2.3:a:colorlib:bonkers:*:*:*:*:*:wordpress:*:*
    Range: <1.0.6
  • cpe:2.3:a:colorlib:illdy:*:*:*:*:*:wordpress:*:*
    Range: <2.1.7
  • cpe:2.3:a:colorlib:newspaper_x:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:colorlib:newspaper_x:*:*:*:*:*:wordpress:*:*range: <1.3.2
    • (no CPE)range: <=1.3.1
  • cpe:2.3:a:colorlib:pixova_lite:*:*:*:*:*:wordpress:*:*
    Range: <2.0.7
  • cpe:2.3:a:colorlib:shapely:*:*:*:*:*:wordpress:*:*
    Range: <1.2.9
  • cpe:2.3:a:cpothemes:affluent:*:*:*:*:*:wordpress:*:*
    Range: <1.1.2
  • cpe:2.3:a:cpothemes:allegiant:*:*:*:*:*:wordpress:*:*
    Range: <1.2.6
  • cpe:2.3:a:cpothemes:brilliance:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:cpothemes:brilliance:*:*:*:*:*:wordpress:*:*range: <1.3.0
    • (no CPE)range: <=1.2.7
  • cpe:2.3:a:cpothemes:transcend:*:*:*:*:*:wordpress:*:*
    Range: <1.2.0
  • cpe:2.3:a:machothemes:antreas:*:*:*:*:*:wordpress:*:*
    Range: <1.0.7
  • cpe:2.3:a:machothemes:medzone_lite:*:*:*:*:*:wordpress:*:*
    Range: <1.2.6
  • cpe:2.3:a:machothemes:naturemag_lite:*:*:*:*:*:wordpress:*:*
    Range: <=1.0.4
  • cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*
    Range: <2.4.2
  • cpe:2.3:a:machothemes:regina_lite:*:*:*:*:*:wordpress:*:*
    Range: <2.0.6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.