GCVE - cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:colorlib:activello:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Colorlib (`05dc98e5-dc4d-5a31-bf3c-ad80d796bf26`)
Product	Activello (`cd762c8b-69aa-532c-b0f0-6283b7fac167`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/colorlibhq/activello`	purl2cpe	2026-06-01 10:15:55.939042

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-45358`	vulnerable	2026-06-08 05:50:36.101920	WordPress Activello Theme <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) MEDIUM (5.4) Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. Published: 2023-04-13T11:36:59.545Z Updated: 2026-04-28T16:07:52.341Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/activello/wordpress-activello-theme-1-4-4-auth-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36721`	vulnerable	2026-06-08 05:25:49.465778	Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation MEDIUM (6.5) The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site. Published: 2023-06-07T01:51:37.465Z Updated: 2026-04-08T17:14:14.374Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://wordpress.org/themes/activello/ https://wordpress.org/themes/newspaper-x/ https://wordpress.org/themes/brilliance/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36708`	vulnerable	2026-06-08 05:25:49.431314	Epsilon Framework Themes (Various Versions) - Function Injection CRITICAL (9.8) The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution. Published: 2023-06-07T01:51:22.525Z Updated: 2026-04-08T16:55:21.011Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/ https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/ https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.