Vulnerabilities > Spicethemes > Newscrunch
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-04 | CVE-2025-1306 | Cross-Site Request Forgery (CSRF) vulnerability in Spicethemes Newscrunch The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. | 8.8 |
| 2025-03-04 | CVE-2025-1307 | Missing Authorization vulnerability in Spicethemes Newscrunch The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. | 9.8 |