{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8682", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-06T19:54:30.816Z", "datePublished": "2025-10-11T09:28:39.133Z", "dateUpdated": "2026-04-08T17:09:42.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:09:42.289Z"}, "affected": [{"vendor": "themeansar", "product": "Newsup", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.0.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin."}], "title": "Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/939b408c-ae22-40ce-b500-317150a2da3b?source=cve"}, {"url": "https://research.cleantalk.org/cve-2025-8682"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=292407%40newsup&new=292407%40newsup&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "timeline": [{"time": "2025-10-10T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-14T18:32:00.587956Z", "id": "CVE-2025-8682", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:45:32.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8682", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-14T18:32:00.587956Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-14T18:32:01.742Z"}}], "cna": {"title": "Newsup <= 5.0.10 - Missing Authorization to Authenticated (Subscriber+) Plugin Installation", "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "themeansar", "product": "Newsup", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "5.0.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-10T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/939b408c-ae22-40ce-b500-317150a2da3b?source=cve"}, {"url": "https://research.cleantalk.org/cve-2025-8682"}, {"url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=292407%40newsup&new=292407%40newsup&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-11T09:28:39.133Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8682", "state": "PUBLISHED", "dateUpdated": "2025-10-14T18:45:32.811Z", "dateReserved": "2025-08-06T19:54:30.816Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-11T09:28:39.133Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Newsup theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the newsup_admin_info_install_plugin() function in all versions up to, and including, 5.0.10. This makes it possible for unauthenticated attackers to install the ansar-import plugin."}], "id": "CVE-2025-8682", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-11T10:15:44.433", "references": [{"source": "security@wordfence.com", "url": "https://research.cleantalk.org/cve-2025-8682"}, {"source": "security@wordfence.com", "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=292407%40newsup&new=292407%40newsup&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/939b408c-ae22-40ce-b500-317150a2da3b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T03:58:54.998939+00:00", "value": {"mitigation_remediation": ["Apply the latest Newsup theme that includes the missing capability check (versions higher than 5.0.10).", "If the ansar\u2011import plugin has already been installed, remove or disable it immediately.", "Review the WordPress plugin list for any unfamiliar or recently added plugins and delete those that were not authorized.", "Enable a security plugin or logging mechanism to capture and review plugin\u2011installation events for early detection of unauthorized activity."], "summary": {"action": "Patch Theme", "impact": "Unauthorized Plugin Installation"}, "threat_synthesis": {"affected_systems": "WordPress installations that employ the themeansar:Newsup theme, version 5.0.10 or earlier, are affected. The flaw resides solely in the theme\u2019s admin code and does not affect other WordPress components.", "description_and_impact": "The Newsup theme for WordPress contains a missing capability check on the newsup_admin_info_install_plugin() function (CWE\u2011862). In all versions up to 5.0.10 an unprivileged user can trigger the installation of the ansar\u2011import plugin, adding code that the site owner did not authorize and potentially compromising the site\u2019s integrity.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests low current exploitation likelihood. The vulnerability is not cataloged in the CISA KEV list. Attackers can exercise the flaw remotely and without authentication by sending a request to the theme\u2019s admin endpoint; no additional privileges are required."}}}}, "created": "2025-10-20T16:15:03.434067+00:00", "updated": "2026-04-22T04:00:08.025823+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}