Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

spicethemes — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting spicethemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by spicethemes:NewsBloggerSpice Starter SitesNewscrunchSpice BlocksCarousel, Recent Post Slider and Banner SliderSpicePress
CVE IDTitleCVSSSeverityPublished
CVE-2026-39621 WordPress SpicePress theme <= 2.3.2.5 - CSRF to Arbitrary Plugin Installation vulnerability — SpicePressCWE-352 8.8AIHighAI2026-04-08
CVE-2025-12821 NewsBlogger <= 0.2.5.6 - 0.2.6.1 - Cross-Site Request Forgery to Arbitrary Plugin Installation — NewsBloggerCWE-352 8.8 High2026-02-19
CVE-2025-48130 WordPress Spice Blocks plugin <= 2.0.7.4 - Arbitrary File Download vulnerability — Spice BlocksCWE-22 7.5 High2025-06-09
CVE-2025-1304 NewsBlogger <= 0.2.5.1 - Authenticated (Subscriber+) Arbitrary File Upload — NewsBloggerCWE-862 8.8 High2025-05-01
CVE-2025-1305 NewsBlogger <= 0.2.5.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation — NewsBloggerCWE-352 8.8 High2025-05-01
CVE-2025-39532 WordPress Spice Blocks plugin <= 2.0.7.7 - Broken Access Control vulnerability — Spice BlocksCWE-862 7.5 High2025-04-17
CVE-2025-1307 Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload — NewscrunchCWE-862 9.8 Critical2025-03-04
CVE-2025-1306 Newscrunch <= 1.8.4 - Cross-Site Request Forgery to Arbitrary File Upload — NewscrunchCWE-352 8.8 High2025-03-04
CVE-2024-8430 Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import — Spice Starter SitesCWE-862 5.3 Medium2024-10-01
CVE-2024-44003 WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability — Spice Starter SitesCWE-79 7.1 High2024-09-17
CVE-2023-5362 Carousel, Recent Post Slider and Banner Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Carousel, Recent Post Slider and Banner SliderCWE-79 6.4 Medium2023-10-30

This page lists every published CVE security advisory associated with spicethemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.