Cyber Resilience

CVE-2025-12821

Severity: High
Published: 19 February 2026
Modified: 15 April 2026
KEV Added: not listed
CVSS v3.1 base score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0029 (20.1st percentile)
Risk priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-12821 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in WordPress (the affected product is inferred from the references). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 20.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-12821 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the NewsBlogger theme for WordPress. It affects versions 0.2.5.6 through 0.2.6.1 and arises from missing or incorrect nonce validation in the newsblogger_install_and_activate_plugin() function. This flaw enables unauthenticated attackers to upload arbitrary files and achieve remote code execution, stemming from a reverted fix for the related CVE-2025-1305.

The attack requires tricking a site administrator into performing an action, such as clicking a malicious link, which submits a forged request. Unauthenticated attackers can exploit this over the network with low complexity, though it relies on user interaction. Successful exploitation grants high confidentiality, integrity, and availability impacts, as reflected in the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
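As an added illustration (not the NewsBlogger theme's code and not the author's fix), the following hypothetical WordPress admin-post handler shows the CSRF-prone pattern the description implies next to a hardened version that applies the nonce, capability and input checks mapped to SC-23 and SI-10; the function names, action name and plugin allow-list are assumptions.

```php
<?php
// Illustrative example only; the NewsBlogger theme's real handler is not shown here.

// --- CSRF-prone pattern: acts on any request that reaches the endpoint ---
// If an administrator is lured to a third-party page, the browser sends this
// request with the admin's session cookie, and nothing proves the admin
// intended it. A caller-supplied archive is then installed as a plugin.
function newsblogger_install_and_activate_plugin_unsafe() {
    $zip = $_REQUEST['plugin_zip'] ?? '';      // attacker-controlled value
    // ... download $zip, unpack it into wp-content/plugins and activate it ...
}

// --- Hardened pattern -----------------------------------------------------
// Hypothetical allow-list: slug => main plugin file (assumed values).
const NEWSBLOGGER_ALLOWED_PLUGINS = array(
    'example-plugin' => 'example-plugin/example-plugin.php',
);

function newsblogger_install_and_activate_plugin_safe() {
    // 1. Capability check: only users permitted to install plugins.
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // 2. Nonce check (SC-23): the request must carry a token bound to this
    //    user, this action and a short time window; check_admin_referer()
    //    calls wp_verify_nonce() and stops the request on failure.
    check_admin_referer( 'newsblogger_install_plugin', '_wpnonce' );

    // 3. Input validation (SI-10): accept only an allow-listed slug, never a
    //    caller-supplied URL or file.
    $slug = sanitize_key( wp_unslash( $_POST['plugin_slug'] ?? '' ) );
    if ( ! isset( NEWSBLOGGER_ALLOWED_PLUGINS[ $slug ] ) ) {
        wp_die( 'Unknown plugin', 400 );
    }
    // ... install $slug from the wordpress.org directory with Plugin_Upgrader,
    //     then activate_plugin( NEWSBLOGGER_ALLOWED_PLUGINS[ $slug ] ) ...
    wp_safe_redirect( admin_url( 'themes.php?page=newsblogger&installed=1' ) );
    exit;
}
add_action( 'admin_post_newsblogger_install_plugin', 'newsblogger_install_and_activate_plugin_safe' );

// The theme's own admin page emits the matching nonce, so only a request
// originating from that page passes the check above.
function newsblogger_render_install_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="newsblogger_install_plugin">';
    wp_nonce_field( 'newsblogger_install_plugin', '_wpnonce' );
    echo '<input type="hidden" name="plugin_slug" value="example-plugin">';
    submit_button( 'Install plugin' );
    echo '</form>';
}
```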

Advisories and technical details, including code references, are available from the WordPress themes Trac repository at https://themes.trac.wordpress.org/browser/newsblogger/0.2.5.8/functions.php#L499 and from Wordfence threat intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/9f33096a-dfd5-48c1-84d8-30a0faa2a7f5?source=cve.

Vulnerability details

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in versions 0.2.5.6 to 0.2.6.1. This is due to missing or incorrect nonce validation on the newsblogger_install_and_activate_plugin() function. This makes it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This is due to a reverted fix of CVE-2025-1305.

CWE(s): CWE-352 (Cross-Site Request Forgery)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1204.001 User Execution: Malicious Link (Execution): an adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

CSRF in public-facing WordPress theme enables RCE via malicious link tricking admin (T1190 + T1204.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-70031 (shared CWE-352)
CVE-2025-23902 (shared CWE-352)
CVE-2026-34384 (shared CWE-352)
CVE-2025-23880 (shared CWE-352)
CVE-2025-30550 (shared CWE-352)
CVE-2024-53829 (shared CWE-352)
CVE-2025-23805 (shared CWE-352)
CVE-2025-59541 (shared CWE-352)
CVE-2025-25147 (shared CWE-352)
CVE-2024-13753 (shared CWE-352)

Affected Assets

WordPress (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI)

Prevent · SC-23 (Session Authenticity) requires session authenticity mechanisms such as nonces, directly mitigating the missing nonce validation in the newsblogger_install_and_activate_plugin() function that enables CSRF attacks.

Prevent · SI-10 (Information Input Validation) enforces validation of information inputs such as nonces and uploaded files, preventing forged requests and arbitrary file uploads leading to RCE.

Prevent · SI-2 (Flaw Remediation) mandates timely remediation of identified flaws, ensuring the vulnerable NewsBlogger theme versions are patched to address the CSRF issue.

References