CVE-2024-37424

WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability

Severity Score

9.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8.

La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Automattic Newspack Blocks permite cargar un shell web a un servidor web. Este problema afecta a Newspack Blocks: desde n/a hasta 3.0.8.

The Newspack Blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the iframe_accepted_file_mimes() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

*Credits: Rafie Muhammad (Patchstack)

CVSS Scores

Patchstackv3.1 9.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-09 CVE Reserved
2024-06-28 CVE Published
2024-07-10 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-434: Unrestricted Upload of File with Dangerous Type

CAPEC

CAPEC-650: Upload a Web Shell to a Web Server

References (1)

URL	Tag	Source
https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Newspack Blocks Search vendor "Newspack Blocks"		Newspack Blocks Search vendor "Newspack Blocks" for product "Newspack Blocks"				>= 0.0.0 <= 3.0.8 Search vendor "Newspack Blocks" for product "Newspack Blocks" and version " >= 0.0.0 <= 3.0.8"		en		Affected