Spicethemes

spicethemes

6 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Carousel, Recent Post Slider And Banner Slider

carousel,_recent_post_slider_and_banner_slider

Spice Starter Sites

spice_starter_sites

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-1305 1Spicethemes 1Newsblogger May 6, 2025 May 1, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_...Show more The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2025-1304 1Spicethemes 1Newsblogger May 6, 2025 May 1, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This...Show more The NewsBlogger theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the newsblogger_install_and_activate_plugin() function in all versions up to, and including, 0.2.5.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2025-1307 1Spicethemes 1Newscrunch Mar 5, 2025 Mar 4, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This ma...Show more The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.Show less
CVE-2025-1306 1Spicethemes 1Newscrunch Mar 5, 2025 Mar 4, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plug...Show more The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunch_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2024-44003 1Spicethemes 1Spice Starter Sites Apr 23, 2026 Sep 18, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spicethemes Spice Starter Sites spice-starter-sites allows Reflected XSS.This issue affects Spice Starter Sites: from n/a through <= 1.2.5.Show less
CVE-2023-5362 1Spicethemes 1Carousel, Recent Post Slider And Banner Slider Apr 8, 2026 Oct 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanit...Show more The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less