Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
NewsBlogger Theme for WordPress Allows Attackers to Upload Malicious Files
CVE-2025-12821
Summary
The NewsBlogger theme for WordPress has a security issue that lets attackers upload malicious files if they trick a site administrator into clicking on a link. This can allow the attacker to run code on the site. To stay safe, update to the latest version of the NewsBlogger theme or remove it until a fix is available.
Original title
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_...
Original description
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.
nvd CVSS3.1
8.8
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026