CVE-2025-1304 | NewsBlogger Theme up to 0.2.5.1 on WordPress newsblogger_install_and_activate_plugin unrestricted upload

Inserito da Angelo Barbosa | Apr 30, 2025 | CVE

A vulnerability was found in NewsBlogger Theme up to 0.2.5.1 on WordPress. It has been declared as critical. Affected by this vulnerability is the function newsblogger_install_and_activate_plugin. The manipulation leads to unrestricted upload.

This vulnerability is known as CVE-2025-1304. The attack can be launched remotely. There is no exploit available.

CVE-2025-1304 | NewsBlogger Theme up to 0.2.5.1 on WordPress newsblogger_install_and_activate_plugin unrestricted upload

Post correlati

CVE-2024-38573 | Linux Kernel up to 5.15.160/6.1.92/6.6.32/6.8.11/6.9.2 cppc_cpufreq_get_rate null pointer dereference

CVE-2023-6760 | Thecosy IceCMS up to 2.0.1 user session

CVE-2024-9100 | Zoho ManageEngine Analytics Plus/Analytics On-Premise up to 5409 path traversal

CVE-2024-20007 | MediaTek MT8798 mp3 Decoder out-of-bounds write (ALPS08441369)