CVE-2025-1307 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin authorization

Inserito da Angelo Barbosa | Mar 4, 2025 | CVE

A vulnerability was found in spicethemes Newscrunch Plugin up to 1.8.4 on WordPress and classified as critical. This issue affects the function newscrunch_install_and_activate_plugin. The manipulation leads to missing authorization.

The identification of this vulnerability is CVE-2025-1307. The attack may be initiated remotely. There is no exploit available.

CVE-2025-1307 | spicethemes Newscrunch Plugin up to 1.8.4 on WordPress newscrunch_install_and_activate_plugin authorization

Post correlati

CVE-2025-0873 | itsourcecode Tailoring Management System 1.0 /customeredit.php sql injection

CVE-2023-52251 | kafka-ui up to 0.7.1 messages q Remote Code Execution

CVE-2025-26156 | PHPGurukul Online Shopping Portal 2.1 POST Request Parameter track-orders.php orderid sql injection

CVE-2024-47181 | Contiki-NG up to 4.9 rpl_ext_header_hbh_update type conversion (GHSA-crjw-x84h-h6x3)