Themes Vulnerabilities

Newspaper Theme < 9.5 - Cross-Site Scripting (XSS)

Description

From the changelog:

Newspaper - Version: 9.2.2

fix: XSS Security issue.

Affects Themes

Newspaper
Fixed in 9.5

References

URL
https://themeforest.net/item/newspaper/5489609
URL
https://tagdiv.com/newspaper/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Unknown
Submitter
Noman Riffat
Submitter twitter
nomanriffat
Verified
No
WPVDB ID
6a49d822-3fc1-45c7-ad2f-81dcdb8083f9

Timeline

Publicly Published
2019-02-14 (about 7 years ago)
Added
2019-02-14 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-01-16
Title
Easy Shortcode Buttons <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-09-03
Title
Cookie Notice & Consent Banner for GDPR & CCPA Compliance < 1.7.12 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-11
Title
WP Featured Screenshot <= 1.3 - Reflected Cross-Site Scripting
Published
2025-12-23
Title
Responsive Posts Carousel Pro < 15.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-10
Title
WooCommerce TBC Credit Card Payment Gateway (Free) <= 2.0.0 - Reflected Cross-Site Scripting