CVE & CISA-KEV Catalog

CVE-2020-36721

MEDIUM
6.5
CVSS v3
NVD

Description

The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing capability and security checks/nonces. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins installed on a vulnerable site.

How to fix

Remediation Available
activelloNVD
Affected:< 1.4.2Fixed in:1.4.2CVE-2020-36721derived from NVD
affluentNVD
Affected:< 1.1.2Fixed in:1.1.2CVE-2020-36721derived from NVD
allegiantNVD
Affected:< 1.2.6Fixed in:1.2.6CVE-2020-36721derived from NVD
antreasNVD
Affected:< 1.0.7Fixed in:1.0.7CVE-2020-36721derived from NVD
bonkersNVD
Affected:< 1.0.6Fixed in:1.0.6CVE-2020-36721derived from NVD
brillianceNVD
Affected:< 1.3.0Fixed in:1.3.0CVE-2020-36721derived from NVD
illdyNVD
Affected:< 2.1.7Fixed in:2.1.7CVE-2020-36721derived from NVD
medzone liteNVD
Affected:< 1.2.6Fixed in:1.2.6CVE-2020-36721derived from NVD
newsmagNVD
Affected:< 2.4.2Fixed in:2.4.2CVE-2020-36721derived from NVD
newspaper xNVD
Affected:< 1.3.2Fixed in:1.3.2CVE-2020-36721derived from NVD
pixova liteNVD
Affected:< 2.0.7Fixed in:2.0.7CVE-2020-36721derived from NVD
regina liteNVD
Affected:< 2.0.6Fixed in:2.0.6CVE-2020-36721derived from NVD
shapelyNVD
Affected:< 1.2.9Fixed in:1.2.9CVE-2020-36721derived from NVD
transcendNVD
Affected:< 1.2.0Fixed in:1.2.0CVE-2020-36721derived from NVD

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityNone
IntegrityLow
AvailabilityLow

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Exploit Intelligence

0.98%probability of exploitation in 30 days
58thpercentile

Moderate risk: more likely to be exploited than 58% of all known CVEs.

References

Related Vulnerabilities

Other CWE-284 (Improper Access Control) vulnerabilities, ordered by exploit likelihood. View all

CVESeverityCVSSEPSSExploitedFix
CVE-2023-27350Critical9.8100%KEV + RansomFix
CVE-2019-1653High7.5100%KEV-
CVE-2023-23752Medium5.3100%KEVFix
CVE-2023-29298High7.5100%KEV-
CVE-2023-38205High7.5100%KEV-
CVE-2024-27348Critical9.899%KEVFix
Embed a live status badge for CVE-2020-36721
CVE-2020-36721 severity badge

Markdown

[![CVE-2020-36721](https://tridentstack.com/cve/badge/CVE-2020-36721.svg)](https://tridentstack.com/cve/CVE-2020-36721)

HTML

<a href="https://tridentstack.com/cve/CVE-2020-36721"><img src="https://tridentstack.com/cve/badge/CVE-2020-36721.svg" alt="CVE-2020-36721"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-08.