Vulnerabilities > Spicethemes > Newsblogger

DATE CVE VULNERABILITY TITLE RISK
2025-05-01 CVE-2025-1304 Missing Authorization vulnerability in Spicethemes Newsblogger
The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1.
network
low complexity
spicethemes CWE-862
8.8
8.8
2025-05-01 CVE-2025-1305 Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newsblogger
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4.
network
low complexity
spicethemes CWE-352
8.8
8.8