CVSS: 9.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Jun 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server. This issue affects Newspack Blocks: from n/a through 3.0.8. The Newspack Blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t... • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal. This issue affects Newspack Blocks: from n/a through 3.0.8. The Newspack Blocks plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the remove_iframe_archive() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with contributor-level access and above, to del... • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-contributor-arbitrary-directory-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

28 Jun 2024 — Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack Blocks: from n/a through 3.0.8. The Newspack Blocks plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the api_get_all_authors and get_authors REST API endpoints in versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with contributor-level ... • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Jun 2024 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks. This issue affects Newspack Blocks: from n/a through 3.0.8. The Newspack Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.8. This makes it possible for unauthentic... • https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor