VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 9 known issues Latest disclosed Apr 18, 2024

Newspaper - News & WooCommerce WordPress Theme Vulnerabilities

Review known vulnerability records for the WordPress theme Newspaper - News & WooCommerce WordPress Theme (`newspaper`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-3815, CVE-2023-1597 and CVE-2022-3477, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
3
Patch Coverage
100%
Last Updated
Jun 15, 2024
Priority CVE Quick Links

Fast paths into Newspaper - News & WooCommerce WordPress Theme CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
7
CVE-2023-1597 Critical 12.4
CVE-2023-1597 Newspaper - News & WooCommerce WordPress Theme Vulnerability

tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update

CVE-2022-3477 Critical 12.1
CVE-2022-3477 Newspaper - News & WooCommerce WordPress Theme Privilege Escalation

tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation

CVE-2016-10972 Critical 6.7.2
CVE-2016-10972 Newspaper - News & WooCommerce WordPress Theme Vulnerability

Newspaper - News & WooCommerce WordPress Theme <= 6.7 - Arbitrary Options Update

CVE-2017-18634 Medium 6.7.2
CVE-2017-18634 Newspaper - News & WooCommerce WordPress Theme Cross-Site Scripting

Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting

CVE-2022-2627 Medium 12
CVE-2022-2627 Newspaper - News & WooCommerce WordPress Theme Cross-Site Scripting

Newspaper <= 11.5.1 - Reflected Cross-Site Scripting

CVE-2022-2167 Medium 12
CVE-2022-2167 Newspaper - News & WooCommerce WordPress Theme Cross-Site Scripting

Newspaper <= 11.5.1 - Reflected Cross-Site Scripting

CVE-2024-3815 Medium 12.6.6
CVE-2024-3815 Newspaper - News & WooCommerce WordPress Theme Stored Cross-Site Scripting

Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Newspaper - News & WooCommerce WordPress Theme so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
3 critical and 0 high severity findings.
Recent CVEs
CVE-2024-3815, CVE-2023-1597 and CVE-2022-3477
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Newspaper - News & WooCommerce WordPress Theme

Sorted by latest disclosure date so newly published issues surface first.

Theme Medium Patched: Yes CVE-2024-3815
CVE-2024-3815: Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta

The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for a...

Published
Apr 18, 2024
Patched Release
12.6.6
Affected Versions
Versions up to 12.6.5
Next Step
Update to 12.6.6 or newer if supported.
Open CVE-2024-3815 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2023-1597
CVE-2023-1597: tagDiv Cloud Library < 2.7 - Missing Authorization to Arbitrary User Metadata Update

The tagDiv Cloud Library plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tdb_user_form_on_submit() function called via an AJAX action in versions prior to 2.7. This makes it possible for unauthenticated attackers to...

Published
Jun 19, 2023
Patched Release
12.4
Affected Versions
Versions up to 12.3
Next Step
Update to 12.4 or newer if supported.
Open CVE-2023-1597 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2022-3477
CVE-2022-3477: tagDiv Composer < 3.5 - Unauthorized Account Access and Privilege Escalation

The tagDiv Composer plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, but not including, 3.5 due to improper implementation of the Facebook login feature. This allows unauthenticated attackers to log in as any user as lo...

Published
Oct 24, 2022
Patched Release
12.1
Affected Versions
Versions up to 12
Next Step
Update to 12.1 or newer if supported.
Open CVE-2022-3477 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2022-2627
CVE-2022-2627: Newspaper <= 11.5.1 - Reflected Cross-Site Scripting

The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published
Oct 10, 2022
Patched Release
12
Affected Versions
Versions up to 11.5.1
Next Step
Update to 12 or newer if supported.
Open CVE-2022-2627 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2022-2167
CVE-2022-2167: Newspaper <= 11.5.1 - Reflected Cross-Site Scripting

The Newspaper theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an AJAX action in versions up to, and including, 11.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web s...

Published
Oct 10, 2022
Patched Release
12
Affected Versions
Versions up to 11.5.1
Next Step
Update to 12 or newer if supported.
Open CVE-2022-2167 Report Open CVE Reference
Theme Medium Patched: Yes
Newspaper <= 10.3.3 - Reflected Cross-Site Scripting

The Newspaper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 10.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

Published
Jun 03, 2020
Patched Release
10.3.4
Affected Versions
Versions up to 10.3.3
Next Step
Update to 10.3.4 or newer if supported.
Open Full Report
Theme Medium Patched: Yes
Newspaper < 9.2.2 - Cross-Site Scripting

The Newspaper theme for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 9.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.

Published
Feb 14, 2019
Patched Release
9.2.2
Affected Versions
Versions before 9.2.2
Next Step
Update to 9.2.2 or newer if supported.
Open Full Report
Theme Medium Patched: Yes CVE-2017-18634
CVE-2017-18634: Newspaper - News & WooCommerce WordPress Theme < 6.7.2 - Cross-Site Scripting

The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.

Published
Jun 06, 2016
Patched Release
6.7.2
Affected Versions
Versions before 6.7.2
Next Step
Update to 6.7.2 or newer if supported.
Open CVE-2017-18634 Report Open CVE Reference
Theme Critical Patched: Yes CVE-2016-10972
CVE-2016-10972: Newspaper - News & WooCommerce WordPress Theme <= 6.7 - Arbitrary Options Update

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

Published
Jun 06, 2016
Patched Release
6.7.2
Affected Versions
Versions up to 6.7.1
Next Step
Update to 6.7.2 or newer if supported.
Open CVE-2016-10972 Report Open CVE Reference