10 matches found
WordPress Newsup theme <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation vulnerability
Missing Authorization to Authenticated Subscriber+ Plugin Installation vulnerability discovered by Dmitrii Ignatyev in WordPress Theme Newsup versions = 5.0.10...
WordPress Newsup Theme <= 5.0.10 is vulnerable to Broken Access Control
Software Newsup Type Theme Vulnerable versions = 5.0.10 Fixed in 5.0.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2025-8682 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9037492b67e8 Credits Dmitrii Ignatyev Required privilege...
CVE-2025-8682
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
EUVD-2025-33847
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682 Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation
The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsupadmininfoinstallplugin function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin...
CVE-2025-8682
Newsup theme for WordPress (up to version 5.0.10) is vulnerable to unauthorized plugin installation due to a missing capability check in newsup_admin_info_install_plugin(). Unauthenticated attackers could install the ansar-import plugin. Patch 5.0.11 fixes the issue; update to 5.0.11 or later. CV...
WordPress plugin Newsup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-41679
Name of the Vulnerable Software and Affected Versions Newsup theme for WordPress versions prior to 5.0.11 Description The Newsup theme for WordPress is susceptible to unauthorized plugin installation. This is due to a missing capability check within the newsup admin info install plugin function...