{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1304", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-14T18:56:39.424Z", "datePublished": "2025-05-01T03:23:39.579Z", "dateUpdated": "2026-04-08T17:04:40.080Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:40.080Z"}, "affected": [{"vendor": "spicethemes", "product": "NewsBlogger", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.2.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L461"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L470"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.5/functions.php?annotate=blame&rev=269615#file2"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alexander Chikaylo"}], "timeline": [{"time": "2025-04-30T15:00:22.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T13:22:14.838248Z", "id": "CVE-2025-1304", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:22:21.753Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1304", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T13:22:14.838248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:22:18.801Z"}}], "cna": {"title": "NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Alexander Chikaylo"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "spicethemes", "product": "NewsBlogger", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.2.5.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-30T15:00:22.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L461"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L470"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.5/functions.php?annotate=blame&rev=269615#file2"}], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:40.080Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1304", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:04:40.080Z", "dateReserved": "2025-02-14T18:56:39.424Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-01T03:23:39.579Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spicethemes:newsblogger:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C9186007-5C8A-4865-9817-D116CA2AF3A7", "versionEndExcluding": "0.2.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El tema NewsBlogger para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n newsblogger_install_and_activate_plugin() en todas las versiones hasta la 0.2.5.1 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-1304", "lastModified": "2025-05-06T15:38:17.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T04:16:43.183", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.5/functions.php?annotate=blame&rev=269615#file2"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L461"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L470"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85cea6b5-d57b-495e-a504-a0c1ba691637?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:02:54.135161+00:00", "value": {"mitigation_remediation": ["Update the NewsBlogger theme to the latest available release (at least v0.2.5.5) which includes the missing capability check.", "If an upgrade is not immediately possible, disable the theme\u2019s file upload functionality or remove the plugin\u2010activation capability by editing the theme files to enforce stricter permission checks.", "After remediation, scan the site\u2019s files for malicious uploads, monitor for suspicious activity, and apply additional file\u2011type restrictions or move important uploads outside the web root."], "summary": {"action": "Apply Patch", "impact": "Remote code execution via arbitrary file upload"}, "threat_synthesis": {"affected_systems": "WordPress websites that use the NewsBlogger theme version 0.2.5.1 or earlier are affected. The issue exists in all prior releases up to and including v0.2.5.1. Site administrators should verify the theme version via the WordPress dashboard or theme files.", "description_and_impact": "The NewsBlogger WordPress theme contains a missing capability check in the function that installs and activates the plugin, allowing authenticated users with subscriber-level permission or higher to upload any file type to the server. This flaw enables an attacker to place malicious code on the site, potentially leading to remote code execution, data theft, or site defacement. The vulnerability affects confidentiality, integrity, and availability of the affected WordPress installation by granting the attacker the means to run code with the webserver\u2019s privileges.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity attack. An EPSS score of 2% suggests that the probability of exploitation is low but not negligible. The vulnerability is not listed in CISA\u2019s KEV catalog, so no known public exploits are documented. The attack vector requires authentication; an attacker must have at least subscriber-level access. Once authenticated, the attacker can upload arbitrary files that can be executed by the webserver, leading to full remote code execution on the host."}}}}, "created": "2026-04-21T21:15:45.444409+00:00", "updated": "2026-04-21T21:15:45.444425+00:00", "vendors": []}