CVE-2025-1304 – NewsBlogger for WordPress Arbitrary File Upload Vulnerability

May 1, 2025

CVE ID : CVE-2025-1304

Published : May 1, 2025, 4:16 a.m. | 2 hours, 53 minutes ago

Description : The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1305 – NewsBlogger WordPress CSRF Remote Code Execution Vulnerability

Next Article Apache ActiveMQ Vulnerability Allows Remote Attackers to Execute Arbitrary Code

Highlights

CVE-2025-4565 – Google Protocol Buffers Python Denial of Service

June 16, 2025

CVE ID : CVE-2025-4565

Published : June 16, 2025, 3:15 p.m. | 3 hours, 6 minutes ago

Description : Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgrading to version =>6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-1304 – NewsBlogger for WordPress Arbitrary File Upload Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-4026 – PHPGurukul Nipah Virus Testing Management System SQL Injection Vulnerability

PlayStation hikes prices after Xbox — inflation or just peer pressure? Here’s what each model will now cost.

CVE-2025-4435 – TarFile Errorlevel Extraction Vulnerability

Confronting the AI/energy conundrum

CVE-2025-4565 – Google Protocol Buffers Python Denial of Service

You can save up to $700 on my favorite Bluetti power stations for Labor Day

AlphaPlot generates 2D and 3D plots

CVE-2025-7756 – Code-Projects E-Commerce Site Cross-Site Request Forgery Vulnerability

CVE-2025-1304 – NewsBlogger for WordPress Arbitrary File Upload Vulnerability

Related Posts