GCVE - cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:machothemes:newsmag:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Machothemes (`011507af-8f8b-5838-9d9a-c7be4c5d7373`)
Product	Newsmag (`acd72adf-5c00-5cb0-83cb-c2cc5cb25692`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-28493`	vulnerable	2026-06-08 06:01:10.981848	WordPress Newsmag Theme <= 2.4.4 is vulnerable to Cross Site Scripting (XSS) MEDIUM (6.5) Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. Published: 2023-05-08T14:25:41.651Z Updated: 2026-04-28T16:08:16.089Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newsmag/wordpress-newsmag-theme-2-4-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36721`	vulnerable	2026-06-08 05:25:49.466217	Epsilon Framework Themes (Various Versions) - Unauthenticated Plugin Activation/Deactivation MEDIUM (6.5) The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site. Published: 2023-06-07T01:51:37.465Z Updated: 2026-04-08T17:14:14.374Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a9e4e989-8e55-4ea7-8f42-9f67cfab1168?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://wordpress.org/themes/activello/ https://wordpress.org/themes/newspaper-x/ https://wordpress.org/themes/brilliance/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36708`	vulnerable	2026-06-08 05:25:49.441031	Epsilon Framework Themes (Various Versions) - Function Injection CRITICAL (9.8) The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution. Published: 2023-06-07T01:51:22.525Z Updated: 2026-04-08T16:55:21.011Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/5b75c322-539d-44e9-8f26-5ff929874b67?source=cve https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-fixed-in-15-wordpress-themes/ https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/ https://blog.nintechnet.com/unauthenticated-function-injection-vulnerability-in-wordpress-sparkling-theme/ https://wpscan.com/vulnerability/bec52a5b-c892-4763-a962-05da7100eca5	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.