CVE-2020-36704

🗓️ 07 Jun 2023 01:51:19Reported by WordfenceType

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored in the fruitful_theme_options_action AJAX action in versions up to 3.8.1

Reporter	Title	Published	Views	Family All 7
CNNVD	WordPress Theme Fruitful 跨站脚本漏洞	7 Jun 202300:00	–	cnnvd
Cvelist	CVE-2020-36704 Fruitful < 3.8.2 - Stored Cross-Site Scripting	7 Jun 202301:51	–	cvelist
EUVD	EUVD-2020-24146	7 Oct 202500:30	–	euvd
NVD	CVE-2020-36704	7 Jun 202302:15	–	nvd
Prion	Cross site scripting	7 Jun 202302:15	–	prion
RedhatCVE	CVE-2020-36704	22 May 202517:36	–	redhatcve
Vulnrichment	CVE-2020-36704 Fruitful < 3.8.2 - Stored Cross-Site Scripting	7 Jun 202301:51	–	vulnrichment

NVD

Vulners

Node

fruitfulcode fruitful_themeRange≤3.8.1wordpress

[
  {
    "vendor": "fruitfulcode",
    "product": "Fruitful",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "3.8.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
blog	www.blog.nintechnet.com/authenticated-stored-xss-vulnerability-in-wordpress-fruitful-theme/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/49cf047f-4e8c-4f37-b8c0-d931c02fda7c

08 Apr 2026 18:17Current

5Medium risk

Vulners AI Score5

CVSS 3.15.4 - 6.4

EPSS0.00083

SSVC

CWE-79