Newsmash

CVEs (3)

CVE	Sev	Risk	CVSS	Published	Description
CVE-2024-56208	Med	0.42	6.5	Feb 20, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71.
CVE-2024-10849	Med	0.42	6.4	Dec 6, 2024	The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-56208 is a duplicate of this issue.
CVE-2024-37441	Med	0.28	4.3	Jan 2, 2025	Cross-Site Request Forgery (CSRF) vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through <= 1.0.34.

CVE-2024-56208MedFeb 20, 2026
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= 1.0.71.
CVE-2024-10849MedDec 6, 2024
risk 0.42cvss 6.4epss 0.00
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-56208 is a duplicate of this issue.
CVE-2024-37441MedJan 2, 2025
risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in desertthemes NewsMash newsmash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through <= 1.0.34.