Jnews CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Jnews Subscriptions

Filtered by product Jnews Subscriptions

Search

Switch to Advanced Search (Beta)

Total 6 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-68905	2 Jnews, Wordpress	2 Jnews, Wordpress	2026-01-23	N/A
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion.This issue affects JNews - Pay Writer: from n/a through <= 11.0.0.
CVE-2025-68904	2 Jnews, Wordpress	2 Jnews, Wordpress	2026-01-23	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through <= 11.0.0.
CVE-2025-68906	2 Jnews, Wordpress	2 Jnews, Wordpress	2026-01-23	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through <= 11.0.2.
CVE-2025-67591	2 Jnews, Wordpress	2 Jnews, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in jegtheme JNews Paywall jnews-paywall allows Cross Site Request Forgery.This issue affects JNews Paywall: from n/a through < 12.0.1.
CVE-2025-67538	2 Jnews, Wordpress	2 Jnews, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme JNews Gallery jnews-gallery allows Stored XSS.This issue affects JNews Gallery: from n/a through < 12.0.1.
CVE-2021-24342	1 Jnews	1 Jnews	2024-11-21	6.1 Medium
The JNews WordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*), leading to a Reflected Cross-Site Scripting (XSS) issue.

Page 1 of 1.