CVE-2025-1305 | NewsBlogger Theme up to 0.2.5.4 on WordPress Plugin Installation newsblogger_install_and_activate_plugin cross-site request forgery

Inserito da Angelo Barbosa | Apr 30, 2025 | CVE

A vulnerability classified as problematic has been found in NewsBlogger Theme up to 0.2.5.4 on WordPress. This affects the function newsblogger_install_and_activate_plugin of the component Plugin Installation Handler. The manipulation leads to cross-site request forgery.

This vulnerability is uniquely identified as CVE-2025-1305. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-1305 | NewsBlogger Theme up to 0.2.5.4 on WordPress Plugin Installation newsblogger_install_and_activate_plugin cross-site request forgery

Post correlati

CVE-2022-45176 | Livebox Collaboration vDesk up to 018 /api/v1/getbodyfile uri cross site scripting

CVE-2024-24846 | MightyThemes Mighty Addons for Elementor Plugin up to 1.9.3 on WordPress cross site scripting

CVE-2024-25600 | Bricks Plugin up to 1.9.6 on WordPress improper authentication

CVE-2024-12879 | WPBot Pro WordPress Chatbot up to 13.5.5 on WordPress Simple Text Response Creation authorization