7 matches found
WordPress Newsup theme <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Newsup versions = 5.0.10...
WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control
Software Newsup Type Theme Vulnerable versions = 5.0.10 Fixed in 5.0.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8682 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9037492b67e8 Credits Dmitrii Ignatyev Required privilege...
CVE-2025-8682
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
EUVD-2025-33847
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
PT-2025-41679
Name of the Vulnerable Software and Affected Versions Newsup theme for WordPress versions prior to 5.0.11 Description The Newsup theme for WordPress is susceptible to unauthorized plugin installation. This is due to a missing capability check within the newsup admin info install plugin function...