cbcvebase.

Automattic Newspack Blocks vulnerabilities

4 known vulnerabilities affecting automattic/newspack_blocks.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-37424P2CRITICALCVSS 9.9≥ n/a, ≤ 3.0.82024-07-09
CVE-2024-37424 [CRITICAL] CWE-434 CVE-2024-37424: Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows U Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8.
nvd
CVE-2024-37423P3HIGHCVSS 8.5≥ n/a, ≤ 3.0.82024-11-01
CVE-2024-37423 [HIGH] CWE-22 CVE-2024-37423: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Auto Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8.
nvd
CVE-2024-37115P3HIGHCVSS 7.5≥ n/a, ≤ 3.0.82024-07-10
CVE-2024-37115 [HIGH] CWE-200 CVE-2024-37115: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Bloc Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8.
nvd
CVE-2024-37425P4MEDIUMCVSS 5.4≥ n/a, ≤ 3.0.82024-11-01
CVE-2024-37425 [MEDIUM] CWE-862 CVE-2024-37425: Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8.
nvd
Automattic Newspack Blocks vulnerabilities | cvebase