VYPR

Newsmag

by Machothemes

CVEs (5)

  • CVE-2020-36708CriJun 7, 2023
    risk 0.71cvss 9.8epss 0.65

    The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <=…

  • CVE-2020-36721MedJun 7, 2023
    risk 0.42cvss 6.5epss 0.01

    The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welco…

  • CVE-2022-3477Nov 14, 2022
    risk 0.05cvss epss 0.04

    The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their…

  • CVE-2023-28493May 8, 2023
    risk 0.00cvss epss 0.00

    Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions.

  • CVE-2021-24304Aug 9, 2021
    risk 0.00cvss epss 0.01

    The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.