VYPR

NewsMag

by WordPress

CVEs (4)

  • CVE-2020-36708CriJun 7, 2023
    risk 0.69cvss 9.8epss 0.65

    The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <=…

  • CVE-2022-3477CriNov 14, 2022
    risk 0.64cvss 9.8epss 0.04

    The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their…

  • CVE-2023-28493MedMay 8, 2023
    risk 0.42cvss 6.5epss 0.00

    Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

  • CVE-2021-24304MedAug 9, 2021
    risk 0.40cvss 6.1epss 0.01

    The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.