PT-2023-11850 · Activello+10 · Activello+15

Jerome Bruandet · Published 2023-06-07 · Updated 2023-06-16 · CVE-2020-36708

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Shapely versions up to and including 1.2.7
NewsMag versions up to and including 2.4.1
Activello versions up to and including 1.4.0
Illdy versions up to and including 2.1.4
Allegiant versions up to and including 1.2.2
Newspaper X versions up to and including 1.3.1
Pixova Lite versions up to and including 2.0.5
Brilliance versions up to and including 1.2.7
MedZone Lite versions up to and including 1.2.4
Regina Lite versions up to and including 2.0.4
Transcend versions up to and including 1.1.8
Affluent versions up to and including 1.1.0
Bonkers versions up to and including 1.0.4
Antreas versions up to and including 1.0.2
Sparkling versions up to and including 2.4.8
NatureMag Lite versions up to and including 1.0.4

Description

The issue is a function injection in the Epsilon Framework AJAX action. It allows unauthenticated attackers to call functions and achieve remote code execution.

Recommendations

For each affected theme, update to a version later than the one listed to resolve the issue.

Shapely: update to a version later than 1.2.7
NewsMag: update to a version later than 2.4.1
Activello: update to a version later than 1.4.0
Illdy: update to a version later than 2.1.4
Allegiant: update to a version later than 1.2.2
Newspaper X: update to a version later than 1.3.1
Pixova Lite: update to a version later than 2.0.5
Brilliance: update to a version later than 1.2.7
MedZone Lite: update to a version later than 1.2.4
Regina Lite: update to a version later than 2.0.4
Transcend: update to a version later than 1.1.8
Affluent: update to a version later than 1.1.0
Bonkers: update to a version later than 1.0.4
Antreas: update to a version later than 1.0.2
Sparkling: update to a version later than 2.4.8
NatureMag Lite: update to a version later than 1.0.4

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related identifiers

CVE-2020-36708

Affected products

Activello
Affluent
Allegiant
Antreas
Bonkers
Brilliance
Illdy
Medzone Lite
Naturemag Lite
Newsmag
Newspaper
Pixova Lite
Regina Lite
Shapely
Sparkling
Transcend