CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

Exploit for Missing Authorization in Spicethemes Newsblogger

🚨 WordPress NewsBlogger Theme = 0.2.5.1 - Arbitrary File Uplo...

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

WordPress NewsBlogger Theme <= 0.2.5.1 is vulnerable to Arbitrary File Upload

Software NewsBlogger Type Theme Vulnerable versions = 0.2.5.1 Fixed in 0.2.5.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-1304 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 233ab859c905 Credits CVEhunter Required privilege Subscriber...