VYPR

NewsBlogger

by WordPress

CVEs (3)

  • CVE-2025-12821HigFeb 19, 2026
    risk 0.57cvss 8.8epss 0.00

    The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers…

  • CVE-2025-1305HigMay 1, 2025
    risk 0.57cvss 8.8epss 0.00

    The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for…

  • CVE-2025-1304HigMay 1, 2025
    risk 0.57cvss 8.8epss 0.01

    The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with…