Path Traversal Vulnerability in Newspack Blocks
CVE-2024-37423

8.5HIGH

Key Information:

Vendor: WordPress
Status: Newspack Blocks
Vendor: CVE Published:; 1 November 2024

Summary

A Path Traversal vulnerability exists in Automattic's Newspack Blocks, enabling attackers to bypass security measures and access restricted directories. This vulnerability specifically affects versions up to 3.0.8, allowing malicious actors to manipulate file paths to gain unauthorized access to sensitive information. The flaw's exploitation could lead to severe implications for the security and integrity of affected installations.

Affected Version(s)

Newspack Blocks <= 3.0.8

References

https://patchstack.com/database/vulnerability/newspack-bl...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Jun 9, 2024

Credit

Rafie Muhammad (Patchstack)