CVE-2025-1306 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin cross-site request forgery

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in spicethemes Newscrunch Plugin up to 1.8.4 on WordPress. It has been classified as problematic. Affected is the function newscrunch_install_and_activate_plugin. The manipulation leads to cross-site request forgery.

This vulnerability is traded as CVE-2025-1306. It is possible to launch the attack remotely. There is no exploit available.

CVE-2025-1306 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin cross-site request forgery

Post correlati

CVE-2024-20469 | Cisco Identity Services Engine Software up to 3.3.0 CLI os command injection (cisco-sa-ise-injection-6kn9tSxm)

CVE-2023-42747 | Unisoc S8000 Camera Service permission

CVE-2024-47416 | Adobe Animate up to 23.0.7/24.0.4 integer overflow (apsb24-76)

CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 Create User Last Name cross site scripting