108 matches found
WordPress Newspack Plugin < 3.8.7 is vulnerable to Broken Access Control
Software Newspack Type Plugin Vulnerable versions 3.8.7 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43968 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7d92b233d74 Credits Rafie Muhammad Patchstack Required...
CVE-2024-37115
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37115 WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37115 WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37115
CVE-2024-37115 affects WordPress plugin Newspack Blocks (versions up to 3.0.8). The vulnerability exposes sensitive information to an unauthenticated actor (Unauthenticated Sensitive Information Exposure). CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, no authentication required, confiden...
WordPress plugin Newspack Blocks Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2024-37424
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37424
CVE-2024-37424 is an Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks (≤3.0.8) that allows uploading a web shell to the server. Root cause: unrestricted upload of dangerous file types. Impact: high (web shell can grant full control). Status: patched in v...
CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...
CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...
PT-2024-27541 · Automattic · Newspack Blocks
Name of the Vulnerable Software and Affected Versions: Automattic Newspack Blocks versions 3.0.8 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions 3.0.8 and...
WordPress plugin Newspack Blocks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-37474
Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...
CVE-2024-37476
Cross Site Scripting XSS vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1...
CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...
CVE-2024-37474
CVE-2024-37474 is a Cross-Site Scripting (XSS) vulnerability in Automattic Newspack Ads for WordPress, allowing Stored XSS. Affected: Newspack Ads versions from n/a up to 1.47.1. Remediation: patch/update to 1.47.1 or later as indicated by the CVE record and Wordfence entry.
CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...
CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...
CVE-2024-37476
CVE-2024-37476 is a Stored XSS affecting Automattic Newspack Campaigns (WordPress plugin) up to version 2.31.1. The vulnerability is confirmed in WordPress ecosystem sources; remediation is to upgrade Newspack Campaigns to a version where the fix is in place (patched). No exploitation activity is...
CVE-2024-37476 WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1...