CVE-2025-1307
CVE-2025-1307 affects the Newscrunch WordPress theme; versions up to 1.8.4.1 are vulnerable to an arbitrary file upload due to a missing capability check in newscrunch_install_and_activate_plugin(). Affected attackers: authenticated users with Subscriber+ privileges; impact includes potential rem...