14 matches found
CVE-2023-28171
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions...
CVE-2020-36721
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activelloactivateplugin' and 'activellodeactivateplugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...
CVE-2023-28171
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions...
CVE-2023-28171
CVE-2023-28171 affects the WordPress Brilliance theme (versions
CVE-2023-28171 WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions...
CVE-2023-28171 WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions...
WordPress theme Brilliance cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Brilliance version 1.3.1 and...
CVE-2020-36721
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activelloactivateplugin' and 'activellodeactivateplugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...
WordPress Brilliance Theme <= 1.2.7 is vulnerable to Broken Access Control
Software: Brilliance; Type: Theme; Vulnerable versions: <= 1.2.7; Fixed in: 1.3.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36721; Patch priority: High; CVSS severity: High (6.5); PSID: a0bd7d64b1bd; Credits: Jerome Bruandet - NinTechNet...
VulnCheck KEV: CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina...
WordPress Brilliance Theme <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Brilliance; Type: Theme; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-28171; Patch priority: Medium; CVSS severity: Medium (5.4); PSID: 3d9a1effb3cc; Credits: Dave Jong Patchstack...
Brilliance <= 1.3.1 - Subscriber+ Stored XSS
The theme does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting attacks...
WordPress Brilliance theme <=1.2.9 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Brilliance theme versions <=1.2.9. Solution: Update the WordPress Brilliance theme to the latest available version (at least 1.3.0)...
WordPress Brilliance Theme - File Upload Vulnerability
This vulnerability allows an attacker to upload arbitrary files to the affected computer. Solution: Update the theme...