CVE-2025-1306 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin cross-site request forgery

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in spicethemes Newscrunch Plugin up to 1.8.4 on WordPress. It has been classified as problematic. Affected is the function newscrunch_install_and_activate_plugin. The manipulation leads to cross-site request forgery.

This vulnerability is traded as CVE-2025-1306. It is possible to launch the attack remotely. There is no exploit available.

CVE-2025-1306 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin cross-site request forgery

Post correlati

CVE-2025-23411 | mySCADA myPRO Manager up to 1.3 cross-site request forgery (icsa-25-044-16)

CVE-2024-8523 | lmxcms up to 1.4 SQL Command Execution Module admin.php formatData data code injection

CVE-2024-6151 | Citrix Virtual Apps and Desktops privileges management (CTX678035)

CVE-2024-52594 | matrix-org gomatrixserverlib server-side request forgery (GHSA-4ff6-858j-r822)