7 matches found
CVE-2025-68905 WordPress JNews - Pay Writer plugin <= 11.0.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through = 11.0.0...
CVE-2025-68906
CVE-2025-68906 – JNews - Video (Jegtheme JNews - Video) Reflected XSS . The flaw is an improper neutralization of input during web page generation, enabling Reflected Cross-Site Scripting for the plugin up to version 11.0.2. Affected software: jegtheme JNews - Video; affected range: from n/a thro...
CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
WordPress JNews - Video plugin <= 11.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress JNews - Video plugin = 11.0.2 - Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin JNews - Video versions = 11.0.2...
WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
WordPress JNews - Frontend Submit plugin = 11.0.0 - Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin JNews - Frontend Submit versions = 11.0.0...
WordPress JNews Paywall plugin < 12.0.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin JNews Paywall versions 12.0.1...
WordPress JNews Theme <= 11.6.5 is vulnerable to Broken Access Control
Software JNews Type Theme Vulnerable versions = 11.6.5 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-39373 Patch priority Low CVSS severity Low 5.3 Developer EPC PSID 775c2569b9cb Credits Ananda Dhakal Patchstack Required privilege...