CVE-2025-12821
- EPSS 0.05%
- Veröffentlicht 19.02.2026 03:25:16
- Zuletzt bearbeitet 19.02.2026 15:53:02
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible fo...
CVE-2025-1304
- EPSS 1.54%
- Veröffentlicht 01.05.2025 03:23:39
- Zuletzt bearbeitet 06.05.2025 15:38:17
The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenti...
CVE-2025-1305
- EPSS 0.18%
- Veröffentlicht 01.05.2025 03:23:39
- Zuletzt bearbeitet 06.05.2025 15:38:55
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes ...