CVE-2025-12821 - NewsBlogger <= 0.2.5.6 - 0.2.6.1 - cross-site request forgery to arbitrary plugi...

CVE ID : CVE-2025-12821 Published : Feb. 19, 2026, 3:25 a.m. | 50 minutes ago Description : The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...