WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

CVE-2020-36708

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4,...

PT-2023-11850 · Antreas +10 · Antreas +15

Name of the Vulnerable Software and Affected Versions: Shapely versions up to and including 1.2.7 NewsMag versions up to and including 2.4.1 Activello versions up to and including 1.4.0 Illdy versions up to and including 2.1.4 Allegiant versions up to and including 1.2.2 Newspaper X versions up t...

WordPress theme Epsilon Framework 代码注入漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A code injection vulnerability exists in WordPress theme Epsilon Framework, which stems from...

Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites

An active attack against more than 1.6 million WordPress sites is underway, with researchers spotting tens of millions of attempts to exploit four different plugins and several Epsilon Framework themes. The goal, they said, is complete site takeover using administrative privileges. The scope of t...

1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses

As many as 1.6 million WordPress sites have been targeted by an active large-scale attack campaign originating from 16,000 IP addresses by exploiting weaknesses in four plugins and 15 Epsilon Framework themes. WordPress security company Wordfence, which disclosed details of the attacks, said...

WordPress Epsilon Framework SSRF / Denial of Service

Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...

Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection

Exploit Title: Wordpress Epsilon Framework Multiple Themes - Unauthenticated Function Injection Date: 22/12/2020 Exploit Authors: gx1 lotar Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Affected Themes: shapely - Fixed in version 1.2.9 newsmag - Fix...

RCE Vulnerability in WordPress Themes using the Epsilon Framework

Multiple WordPress themes using the Epsilon Framework are prone to a function injection vulnerability that could lead to remote code execution RCE. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

Widespread Scans Underway for RCE Bugs in WordPress Websites

Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have...