Lucene search
+L

108 matches found

Patchstack
Patchstack
added 2024/08/27 12:0 a.m.14 views

WordPress Newspack Plugin < 3.8.7 is vulnerable to Broken Access Control

Software Newspack Type Plugin Vulnerable versions 3.8.7 Fixed in 3.8.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43968 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID a7d92b233d74 Credits Rafie Muhammad Patchstack Required...

8.8CVSS6.5AI score0.00421EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/10 6:15 p.m.24 views

CVE-2024-37115

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...

7.5CVSS0.00551EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/10 5:55 p.m.15 views

CVE-2024-37115 WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...

7.5CVSS6.9AI score0.00551EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/10 5:55 p.m.32 views

CVE-2024-37115 WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...

7.5CVSS0.00551EPSS
Exploits0References1
CVE
CVE
added 2024/07/10 5:55 p.m.47 views

CVE-2024-37115

CVE-2024-37115 affects WordPress plugin Newspack Blocks (versions up to 3.0.8). The vulnerability exposes sensitive information to an unauthenticated actor (Unauthenticated Sensitive Information Exposure). CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, no authentication required, confiden...

7.5CVSS7.6AI score0.00551EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.19 views

WordPress plugin Newspack Blocks Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

7.5CVSS6AI score0.00551EPSS
Exploits0References2
NVD
NVD
added 2024/07/09 11:15 a.m.29 views

CVE-2024-37424

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...

9.9CVSS0.00492EPSS
Exploits0References1
CVE
CVE
added 2024/07/09 10:21 a.m.64 views

CVE-2024-37424

CVE-2024-37424 is an Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks (≤3.0.8) that allows uploading a web shell to the server. Root cause: unrestricted upload of dangerous file types. Impact: high (web shell can grant full control). Status: patched in v...

9.9CVSS9.4AI score0.00492EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 10:21 a.m.29 views

CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...

9.9CVSS0.00492EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 10:21 a.m.10 views

CVE-2024-37424 WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8...

9.9CVSS6.8AI score0.00492EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.5 views

PT-2024-27541 · Automattic · Newspack Blocks

Name of the Vulnerable Software and Affected Versions: Automattic Newspack Blocks versions 3.0.8 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions 3.0.8 and...

9.9CVSS7.4AI score0.00492EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

WordPress plugin Newspack Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.9CVSS7.1AI score0.00492EPSS
Exploits0References2
NVD
NVD
added 2024/07/04 7:15 p.m.13 views

CVE-2024-37474

Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...

6.5CVSS0.00277EPSS
Exploits0References1
NVD
NVD
added 2024/07/04 6:15 p.m.21 views

CVE-2024-37476

Cross Site Scripting XSS vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1...

6.5CVSS0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/04 6:11 p.m.25 views

CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...

6.5CVSS0.00277EPSS
Exploits0References1
CVE
CVE
added 2024/07/04 6:11 p.m.66 views

CVE-2024-37474

CVE-2024-37474 is a Cross-Site Scripting (XSS) vulnerability in Automattic Newspack Ads for WordPress, allowing Stored XSS. Affected: Newspack Ads versions from n/a up to 1.47.1. Remediation: patch/update to 1.47.1 or later as indicated by the CVE record and Wordfence entry.

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/04 6:11 p.m.17 views

CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References1
OSV
OSV
added 2024/07/04 6:11 p.m.5 views

CVE-2024-37474 WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1...

6.5CVSS5.9AI score0.00277EPSS
Exploits0References3
CVE
CVE
added 2024/07/04 6:8 p.m.54 views

CVE-2024-37476

CVE-2024-37476 is a Stored XSS affecting Automattic Newspack Campaigns (WordPress plugin) up to version 2.31.1. The vulnerability is confirmed in WordPress ecosystem sources; remediation is to upgrade Newspack Campaigns to a version where the fix is in place (patched). No exploitation activity is...

6.5CVSS6.1AI score0.00277EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/07/04 6:8 p.m.28 views

CVE-2024-37476 WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1...

6.5CVSS0.00277EPSS
Exploits0References1
Rows per page
Query Builder