Spicethemes Newscrunch vulnerabilities
2 known vulnerabilities affecting spicethemes/newscrunch.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2025-1307 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.8.4.1 | ≤ 1.8.4 | 2025-03-04
CVE-2025-1307 [CRITICAL] CWE-862
The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site
nvd
CVE-2025-1306 | P3 | HIGH | CVSS 8.8 | fixed in 1.8.4.1 | ≤ 1.8.4 | 2025-03-04
CVE-2025-1306 [HIGH] CWE-352
The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can tri
nvd