CVE-2025-12821
Published: 19 February 2026
Summary
CVE-2025-12821 is a high-severity CSRF (CWE-352) vulnerability in WordPress (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); it is ranked at the 20.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-12821 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the NewsBlogger theme for WordPress. It affects versions 0.2.5.6 through 0.2.6.1 and arises from missing or incorrect nonce validation in the newsblogger_install_and_activate_plugin() function. This flaw enables unauthenticated attackers to upload arbitrary files and achieve remote code execution, stemming from a reverted fix for the related CVE-2025-1305.
The attack requires tricking a site administrator into performing an action, such as clicking a malicious link, which submits a forged request. Unauthenticated attackers can exploit this over the network with low complexity, though it relies on user interaction. Successful exploitation grants high confidentiality, integrity, and availability impacts, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Advisories and technical details, including code references, are available from the WordPress theme Trac repository at https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.8/functions.php#L499 and from Wordfence threat intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/9f33096a-dfd5-48c1-84d8-30a0faa2a7f5?source=cve.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207882
Vulnerability details
The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A CSRF flaw in a public-facing WordPress theme enables RCE when an administrator is tricked into following a malicious link (T1190 + T1204.001).
Mitigating Controls (NIST 800-53 r5)
SC-23 requires session authenticity mechanisms like nonces, directly mitigating the missing nonce validation in the newsblogger_install_and_activate_plugin() function that enables CSRF attacks.
SI-10 enforces validation of information inputs such as nonces and uploaded files, preventing forged requests and arbitrary file uploads leading to RCE.
SI-2 mandates timely remediation of identified flaws, ensuring the vulnerable NewsBlogger theme versions are patched to address the CSRF issue.
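As an added illustration of the pattern described in the analysis and in the SC-23/SI-10 controls above (not the NewsBlogger theme's code, and not taken from the advisory), a hypothetical WordPress admin-ajax handler is shown in its weak form, which acts on any request the administrator's browser sends, beside a hardened form that adds the nonce check and input validation. All function and handle names other than WordPress core APIs are assumptions.

```php
<?php
// Added illustration of the CVE-2025-12821 pattern; not the NewsBlogger
// theme's code. Names other than WordPress core APIs are hypothetical.

// Weak pattern: no nonce and no capability check. The browser of a logged-in
// administrator attaches the session cookie to a request forged by another
// site, so the server cannot tell the forged request from a legitimate one.
function example_install_plugin_unsafe() {
    $slug = isset( $_POST['plugin'] ) ? $_POST['plugin'] : '';
    example_do_install( $slug );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_install_unsafe', 'example_install_plugin_unsafe' );

// Hardened pattern (SC-23 + SI-10):
// 1. check_ajax_referer() rejects any request lacking a nonce minted by this
//    site for this action; a cross-origin page cannot obtain that value.
// 2. current_user_can() confirms the caller holds the needed capability.
// 3. The input is normalised and restricted to an expected set before use.
function example_install_plugin_safe() {
    check_ajax_referer( 'example_install_plugin', 'nonce' );
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $slug = isset( $_POST['plugin'] ) ? sanitize_key( wp_unslash( $_POST['plugin'] ) ) : '';
    if ( '' === $slug || ! in_array( $slug, example_allowed_plugins(), true ) ) {
        wp_send_json_error( 'unknown plugin', 400 );
    }
    example_do_install( $slug );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_install_safe', 'example_install_plugin_safe' );

// The nonce is minted server-side and handed to the theme's own admin script
// (assumed registered under the 'example-admin' handle), which sends it back
// as the 'nonce' POST field.
function example_admin_scripts() {
    wp_localize_script( 'example-admin', 'exampleInstall', array(
        'nonce' => wp_create_nonce( 'example_install_plugin' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_admin_scripts' );

// Hypothetical helpers (constructed for the illustration).
function example_allowed_plugins() {
    return array( 'example-companion' );
}
function example_do_install( $slug ) {
    // Installation and activation of the named plugin would happen here.
}
```

Because the advisory notes the flaw reappeared after a reverted fix, the nonce and capability checks are worth covering with a regression test so a later refactor cannot silently drop them again.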