Jnews
by WordPress
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39373 | Med | 0.34 | 5.3 | 0.00 | May 19, 2025 | Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16. | ||
| CVE-2024-8682 | Med | 0.34 | 5.3 | 0.00 | Mar 5, 2025 | The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating… | ||
| CVE-2021-24342 | 0.00 | — | 0.02 | Jun 7, 2021 | The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue. | |||
| CVE-2015-7341 | 0.00 | — | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension. | |||
| CVE-2015-7342 | 0.00 | — | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | |||
| CVE-2015-7343 | 0.00 | — | 0.01 | Mar 9, 2020 | JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter. | |||
| CVE-2012-4256 | 0.00 | — | 0.01 | Aug 13, 2012 | The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message. |
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in jegtheme JNews jnews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JNews: from n/a through <= 11.6.16.
- risk 0.34cvss 5.3epss 0.00
The JNews - WordPress Newspaper Magazine Blog AMP Theme theme for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 11.6.6. This is due to the plugin not properly validate if the user can register option is enabled prior to creating…
- CVE-2021-24342Jun 7, 2021risk 0.00cvss —epss 0.02
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.
- CVE-2015-7341Mar 9, 2020risk 0.00cvss —epss 0.01
JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as demonstrated by the .php5 extension.
- CVE-2015-7342Mar 9, 2020risk 0.00cvss —epss 0.01
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field.
- CVE-2015-7343Mar 9, 2020risk 0.00cvss —epss 0.01
JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter.
- CVE-2012-4256Aug 13, 2012risk 0.00cvss —epss 0.01
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.