CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3815 – Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta
https://notcve.org/view.php?id=CVE-2024-3815
18 Apr 2024 — The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El tema Newspaper para WordPress es vulnerable a Cross-Site Scripting ... • https://themeforest.net/item/newspaper/5489609 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 1CVE-2022-3477 – tagDiv Composer < 3.5 - Unauthenticated Account Takeover
https://notcve.org/view.php?id=CVE-2022-3477
24 Oct 2022 — The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address El complemento de WordPress tagDiv Composer anterior a 3.5, requerido por el tema Newspaper WordPress anterior a 12.1 y el tema Newsmag de WordPress anterior a 5.2.2, no implementa correctamente la función de inicio de ... • https://wpscan.com/vulnerability/993a95d2-6fce-48de-ae17-06ce2db829ef • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2167 – Newspaper < 12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2167
10 Oct 2022 — The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting El tema Newspaper WordPress anterior a la 12 no sanitiza un parámetro antes de devolverlo a un atributo HTML a través de una acción AJAX, lo que genera Reflected Cross-Site Scripting. The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due t... • https://wpscan.com/vulnerability/ad35fbae-1e90-47a0-b1d2-f8d91a5db90e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 30%CPEs: 1EXPL: 1CVE-2022-2627 – Newspaper < 12 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2627
10 Oct 2022 — The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting. El tema Newspaper WordPress anterior a la 12 no sanitiza un parámetro antes de devolverlo a un atributo HTML a través de una acción AJAX, lo que genera Reflected Cross-Site Scripting. The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due ... • https://wpscan.com/vulnerability/038327d0-568f-4011-9b7e-3da39e8b6aea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2017-15981 – Newspaper 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-15981
31 Oct 2017 — Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. Responsive Newspaper Magazine & Blog CMS 1.0 permite que se produzca inyección SQL mediante el parámetro id en admin/admin_process.php para la edición de formularios. Newspaper Magazine and Blog CMS version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/144856 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1CVE-2016-10972 – Newspaper - News & WooCommerce WordPress Theme <= 6.7 - Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2016-10972
06 Jun 2016 — The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. El tema newspaper versiones anteriores a 6.7.2 para WordPress, posee una falta de opciones de control de acceso mediante la función td_ajax_update_panel. • https://wpvulndb.com/vulnerabilities/8852 • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-18634 – Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18634
06 Jun 2016 — The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php. El tema newspaper versiones anteriores a 6.7.2 para WordPress, presenta una inyección de script por medio de la función td_ads[header] en el archivo admin-ajax.php. • https://blog.sucuri.net/2017/06/unwanted-shorte-st-ads-in-unpatched-newspaper-theme.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •