PT-2026-20586 · WordPress · Newsblogger
Lucky_Buddy
·
Publicado
2026-02-19
·
Atualizado
2026-02-23
·
CVE-2025-12821
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NewsBlogger versions 0.2.5.6 through 0.2.6.1
Description
The NewsBlogger WordPress theme is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the
newsblogger install and activate plugin() function. This allows unauthenticated attackers to potentially upload arbitrary files and achieve remote code execution by deceiving a site administrator into performing an action, such as clicking a malicious link. This issue represents a regression of a previous fix.Recommendations
NewsBlogger version 0.2.5.6: Update to a newer version.
NewsBlogger version 0.2.5.7: Update to a newer version.
NewsBlogger version 0.2.5.8: Update to a newer version.
NewsBlogger version 0.2.5.9: Update to a newer version.
NewsBlogger version 0.2.6.0: Update to a newer version.
NewsBlogger version 0.2.6.1: Update to a newer version.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Newsblogger