{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1305", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-14T19:00:13.000Z", "datePublished": "2025-05-01T03:23:39.014Z", "dateUpdated": "2026-04-08T17:02:27.057Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:02:27.057Z"}, "affected": [{"vendor": "spicethemes", "product": "NewsBlogger", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.2.5.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Gibran Abdillah"}], "timeline": [{"time": "2025-04-30T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T13:22:47.012581Z", "id": "CVE-2025-1305", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:22:53.910Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1305", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-01T13:22:47.012581Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T13:22:50.513Z"}}], "cna": {"title": "NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "Gibran Abdillah"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "spicethemes", "product": "NewsBlogger", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.2.5.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-30T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve"}, {"url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:02:27.057Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1305", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:02:27.057Z", "dateReserved": "2025-02-14T19:00:13.000Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-01T03:23:39.014Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spicethemes:newsblogger:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D56C279C-DAB7-407F-A2C0-436458EE55F0", "versionEndExcluding": "0.2.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El tema NewsBlogger para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 0.2.5.4 incluida. Esto se debe a la falta o a una validaci\u00f3n incorrecta de nonce en la funci\u00f3n newsblogger_install_and_activate_plugin(). Esto permite que atacantes no autenticados carguen archivos arbitrarios y ejecuten c\u00f3digo remoto mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-1305", "lastModified": "2025-05-06T15:38:55.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-05-01T04:16:47.947", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themes.trac.wordpress.org/browser/newsblogger/0.2/functions.php#L440"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=269615%40newsblogger&new=269615%40newsblogger&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2cac27-4a36-490f-b2d8-3c6f32843a38?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:03:44.959948+00:00", "value": {"mitigation_remediation": ["Update the NewsBlogger theme to the latest release that includes a nonce check for the plugin installation routine.", "If a newer release is unavailable, replace the vulnerable function in functions.php with code that performs proper nonce verification before accepting any file uploads.", "As an interim measure, lock down administrative access with IP restrictions or two\u2011factor authentication and disable remote plugin installation until the theme is updated."], "summary": {"action": "Immediate patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "Spice Themes\u2019 NewsBlogger WordPress theme, versions up to and including 0.2.5.4. The vulnerability applies to any installation of these releases; no specific sub\u2011components are exempt. Users should verify the exact theme version and whether it resides on a site still using the affected releases.\n", "description_and_impact": "The NewsBlogger WordPress theme is vulnerable to Cross\u2011Site Request Forgery because the newsblogger_install_and_activate_plugin() function does not correctly validate a security nonce. An attacker who can make a site administrator unknowingly submit a forged request can cause the theme to upload arbitrary files. Once the malicious file is in place the attacker can execute code with full administrative privileges, compromising confidentiality, integrity, and availability of the entire site. This flaw is a classic example of CWE\u2011352, where missing anti\u2011CSRF measures allow unauthorized remote actions.\n", "risk_and_exploitability": "The CVSS score of 8.8 places the flaw in the High severity category. The EPSS score of less than 1% indicates a low current exploitation probability, yet the vulnerability remains dangerous because exploitation requires only a forged request and no prior authentication. The flaw is not listed in CISA\u2019s KEV catalog, but that does not reduce the risk for affected installations. In practice, an attacker would target an administrator\u2019s browser, sending a malicious link that triggers the flawed plugin installation routine, thereby gaining remote code execution.\n"}}}}, "created": "2026-04-21T21:15:45.444791+00:00", "updated": "2026-04-21T21:15:45.444804+00:00", "vendors": []}