WordPress Theme: shapely: CVE-2020-36708: Improper Control of Generation of Code ('Code Injection')

The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely less than or equal to 1.2.7, NewsMag less than or equal to 2.4.1, Activello less than or equal to 1.4.0, Illdy less than or equal to 2.1.4, Allegiant less than or equal to 1.2.2, Newspaper X less than or equal to 1.3.1, Pixova Lite less than or equal to 2.0.5, Brilliance less than or equal to 1.2.7, MedZone Lite less than or equal to 1.2.4, Regina Lite less than or equal to 2.0.4, Transcend less than or equal to 1.1.8, Affluent less than or equal to 1.1.0, Bonkers less than or equal to 1.0.4, Antreas less than or equal to 1.0.2, Sparkling less than or equal to 2.4.8, and NatureMag Lite less than or equal to 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.