GCVE - cpe:2.3:a:wpchill:brilliance:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wpchill:brilliance:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wpchill (`229d438d-d20e-586d-ac2f-e6b4e123f9dc`)
Product	Brilliance (`82194083-c993-52cb-bec0-bfdd8b299270`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/wpchill/brilliance-lite`	purl2cpe	2026-06-01 10:12:17.969853

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-36721`	vulnerable	2026-06-03 14:42:39.786052	Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation MEDIUM (6.5) The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site. Published: 2023-06-07T01:51:37.465Z Updated: 2026-04-08T17:14:14.374Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://wordpress.org/themes/activello/ https://wordpress.org/themes/newspaper-x/ https://wordpress.org/themes/brilliance/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36708`	vulnerable	2026-06-03 14:42:39.720813	Epsilon Framework Themes (Various Versions) - Function Injection CRITICAL (9.8) The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution. Published: 2023-06-07T01:51:22.525Z Updated: 2026-04-08T16:55:21.011Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/ https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/ https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.