Primary

Context

JNews WordPress Theme Unauthorized User Registration Vulnerability

Vulnerability

Patched

A vulnerability exists in the JNews - WordPress Newspaper Magazine Blog AMP Theme, affecting all versions up to and including 11.6.6. The issue allows unauthorized user registration because the theme does not properly validate whether user registration is disabled before creating a new user through the register_handler() function. This flaw enables unauthenticated attackers to register users even when registration is turned off.

Impact

Exploitation of this vulnerability allows for unauthorized user registration, potentially leading to account creation and misuse.

Remediation

Users can update to version 11.6.7 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

0.6

exploitability

7.6

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

JNews WordPress Theme Unauthorized User Registration Vulnerability

Vulnerability

Impact

Remediation

Affected Products

JNews

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating