CVE-2025-1305 | NewsBlogger Theme up to 0.2.5.4 on WordPress Plugin Installation newsblogger_install_and_activate_plugin cross-site request forgery

Inserito da Angelo Barbosa | Apr 30, 2025 | CVE

A vulnerability classified as problematic has been found in NewsBlogger Theme up to 0.2.5.4 on WordPress. This affects the function newsblogger_install_and_activate_plugin of the component Plugin Installation Handler. The manipulation leads to cross-site request forgery.

This vulnerability is uniquely identified as CVE-2025-1305. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-1305 | NewsBlogger Theme up to 0.2.5.4 on WordPress Plugin Installation newsblogger_install_and_activate_plugin cross-site request forgery

Post correlati

CVE-2024-7828 | D-Link DNS-1550-04 up to 20240814 photocenter_mgr.cgi cgi_set_cover album_name buffer overflow

CVE-2025-20118 | Cisco Application Policy Infrastructure Controller up to 6.1(1f) System CLI Command improper removal of sensitive information before storage or transfer (cisco-sa-apic-multi-vulns-9ummtg5)

CVE-2024-53270 | Envoy up to 1.29.11/1.30.8/1.31.4/1.32.2 sendOverloadError control flow (GHSA-q9qv-8j52-77p3)

CVE-2020-18305 | Extreme Networks Networks EXOS up to 30.2 Web GUI access control