CVE-2025-12821
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...