CVE-2016-10972

CRITICAL · EXPLOITED IN THE WILD · NUCLEI

Newspaper < 6.7.2 - Improper Privilege Management via td_ajax_update_panel

Title source: llm

Exploitation Summary

CVE-2016-10972 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 1 public exploit from researchers including wp0Day.com. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets a vulnerability in the Newspaper WP Theme (version 6.7.1) by overwriting WordPress options via an unauthenticated AJAX endpoint. It allows enabling/disabling user registration and setting default user roles to administrator or subscriber.

Description

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

Exploits (1)

exploitdb · WORKING POC
by wp0Day.com · php · webapps · php
https://www.exploit-db.com/exploits/39894


Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Newspaper WP Theme 6.7.1
No auth needed
Prerequisites: Target must be running Newspaper WP Theme 6.7.1 · WordPress installation must be accessible
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Newspaper Theme 6.4–6.7.1 - Privilege Escalation
CRITICAL · by pussycat0x
FOFA: body="wp-content/themes/mTheme-Unus/"

References (2)

Core References
Third Party Advisory (x_refsource_misc): https://wpvulndb.com/vulnerabilities/8852
Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db): https://www.exploit-db.com/exploits/39894

Scores

CVSS v3: 9.8
EPSS: 0.6305
EPSS Percentile: 98.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV: 2022-12-30
InTheWild.io: 2023-01-02
CWE: CWE-269
Status: published
Products (1): tagdiv/newspaper < 6.7.2
Published: Sep 16, 2019
Tracked Since: Feb 18, 2026