15 matches found
CVE-2025-1307
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
WordPress Newscrunch Theme 1.8.4.1 Cross Site Request Forgery
WordPress Newscrunch theme version 1.8.4 suffers from a cross site request forgery vulnerability...
WordPress Newscrunch Theme 1.8.4.1 Shell Upload
WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability...
Exploit for Cross-Site Request Forgery (CSRF) in Spicethemes Newscrunch
Newscrunch Exploit CVE-2025-1306 🚨 Overview This explo...
Exploit for Missing Authorization in Spicethemes Newscrunch
Newscrunch Exploit CVE-2025-1307 🚨 Overview This exploit...
CVE-2025-1307
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-1306
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...
CVE-2025-1306
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...
CVE-2025-1307 Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunchinstallandactivateplugin function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...
CVE-2025-1306 Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...
CVE-2025-1306 Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...
WordPress plugin Newscrunch 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
WordPress plugin Newscrunch 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress Newscrunch theme <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload vulnerability
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by Chloe Chamberland in WordPress Theme Newscrunch versions = 1.8.4...
WordPress Newscrunch theme <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability
Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by Gibran Abdillah in WordPress Theme Newscrunch versions = 1.8.4...