203 matches found
Newspaper Theme 6.4–6.7.1 - Privilege Escalation
Newspaper Theme versions 6.4 to 6.7.1 for WordPress lacked proper options access control through td_ajax_update_panel, which led to a Privilege Escalation vulnerability. id: CVE-2016-10972 info: name: Newspaper Theme 6.4–6.7.1 - Privilege Escalation author: pussycat0x severity: critical description:...
WordPress tagDiv Composer < 3.5 - Authentication Bypass
The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to log in as any user by just knowing their email address id:...
WordPress Newspaper < 12 - Cross-Site Scripting
WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The theme does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...
CVE-2023-4824
The WooHoo Newspaper Magazine theme does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2016-10972
The Newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel...
EUVD-2014-6964
Malware in sbrugna...
EUVD-2015-9340
Malware in sbrugna...
EUVD-2021-26483
Malware in sbrugna...
EUVD-2023-54666
Malicious code in bioql PyPI...
EUVD-2024-36490
Malicious code in bioql PyPI...
MAL-2025-45304 Malicious code in newspaper-club-sentence (npm)
The package newspaper-club-sentence was found to contain malicious code...
CVE-2024-3888
The tagDiv Composer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button shortcode in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-37198
Cross-Site Request Forgery (CSRF) vulnerability in blazethemes Digital Newspaper. This issue affects Digital Newspaper: from n/a through 1.1.5...
CVE-2022-2627
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2021-3135
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call...
CVE-2020-36721
The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 themes for WordPress are vulnerable to Plugin Activation/Deactivation. This is due to the 'activello_activate_plugin' and 'activello_deactivate_plugin' functions in the 'inc/welcome-screen/class-activello-welcome.php' file missing...