CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

CVE-2025-12821

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload arbitrary files...

PT-2026-20586

Name of the Vulnerable Software and Affected Versions NewsBlogger versions 0.2.5.6 through 0.2.6.1 Description The NewsBlogger WordPress theme is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the newsblogger install and activate plugin function. This allows...

WordPress NewsBlogger Theme 0.2.5.1 Shell Upload

WordPress NewsBlogger Theme versions 0.2.5.1 and below suffer from a remote shell upload vulnerability...

CVE-2025-1305

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1304

The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsbloggerinstallandactivateplugin function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and...

CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-1304

CVE-2025-1304 affects WordPress NewsBlogger theme versions up to and including 0.2.5.1. The root cause is a missing capability check in newsblogger_install_and_activate_plugin(), allowing authenticated users with subscriber-level access and above to upload arbitrary files to the server, with the ...

CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

PT-2025-18353 · WordPress · Newsblogger

Name of the Vulnerable Software and Affected Versions: NewsBlogger theme for WordPress versions up to, and including, 0.2.5.1 Description: The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger install and activate plugin...

WordPress NewsBlogger theme <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability

Cross-Site Request Forgery to Arbitrary Plugin Installation vulnerability discovered by Gibran Abdillah in WordPress Theme NewsBlogger versions = 0.2.5.4...