CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

CVE-2025-12821 NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

CVE-2025-12821

CVE-2025-12821 affects the WordPress NewsBlogger theme. Versions 0.2.5.6–0.2.6.1 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the newsblogger_install_and_activate_plugin() function, allowing unauthenticated attackers to upload arbitrary files and poten...

CVE-2025-12821 NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

WordPress plugin NewsBlogger 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-20586

Name of the Vulnerable Software and Affected Versions NewsBlogger versions 0.2.5.6 through 0.2.6.1 Description The NewsBlogger WordPress theme is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the newsblogger install and activate plugin function. This allows...

WordPress NewsBlogger <= 0.2.5.6-0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by luckybuddy in WordPress Theme NewsBlogger versions 0.2.5.6-0.2.6.1...

WordPress NewsBlogger Theme 0.2.5.1 Shell Upload

WordPress NewsBlogger Theme versions 0.2.5.1 and below suffer from a remote shell upload vulnerability...

CVE-2025-1305

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1304

CVE-2025-1304 affects WordPress NewsBlogger theme versions up to and including 0.2.5.1. The root cause is a missing capability check in newsblogger_install_and_activate_plugin(), allowing authenticated users with subscriber-level access and above to upload arbitrary files to the server, with the ...

CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1304 NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

PT-2025-18353 · WordPress · Newsblogger

Name of the Vulnerable Software and Affected Versions: NewsBlogger theme for WordPress versions up to, and including, 0.2.5.1 Description: The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger install and activate plugin...

PT-2025-18354 · WordPress · Newsblogger

Name of the Vulnerable Software and Affected Versions: NewsBlogger theme for WordPress versions up to, and including, 0.2.5.4 Description: The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the newsblogger install and...

WordPress plugin NewsBlogger 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerabilit...

WordPress plugin NewsBlogger 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...