Automattic Newspack Blocks Vulnerability: Sensitive Information Exposed to Unauthorized Actor
CVE-2024-37115

7.5HIGH

Key Information:

Vendor: WordPress
Status: Newspack Blocks
Vendor: CVE Published:; 10 July 2024

Summary

A vulnerability exists in Automattic's Newspack Blocks, which allows unauthorized actors to access sensitive information. This issue impacts all versions of Newspack Blocks up to 3.0.8 and raises significant concerns regarding data confidentiality and website integrity. Proper safeguards are crucial to prevent exposure of sensitive data, making it essential for users to apply patches and updates promptly.

Affected Version(s)

Newspack Blocks <= 3.0.8

References

https://patchstack.com/database/vulnerability/newspack-bl...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

Rafie Muhammad (Patchstack)