GCVE - cpe:2.3:a:automattic:newspack_newsletters:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:newspack_newsletters:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Newspack Newsletters (`49adae04-7ce4-5b50-b8c7-3a11789762fd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-49325`	vulnerable	2026-06-03 15:01:44.483141	WordPress Newspack Newsletters plugin <= 3.13.0 - Open Redirection Vulnerability MEDIUM (4.7) URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Phishing.This issue affects Newspack Newsletters: from n/a through <= 3.13.0. Published: 2025-06-06T12:53:55.675Z Updated: 2026-04-28T16:13:01.600Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/newspack-newsletters/vulnerability/wordpress-newspack-newsletters-3-13-0-open-redirection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37475`	vulnerable	2026-06-03 14:56:06.745836	WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in Automattic Newspack Newsletters allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Newspack Newsletters: from n/a through 2.13.2. Published: 2024-11-01T14:18:17.439Z Updated: 2026-04-28T16:09:59.546Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-newsletters/wordpress-newspack-newsletters-plugin-2-13-2-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37424`	vulnerable	2026-06-03 14:56:06.604979	WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability CRITICAL (9.9) Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-07-09T10:21:07.800Z Updated: 2026-04-28T16:09:58.627Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37242`	vulnerable	2026-06-03 14:56:06.134927	WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability MEDIUM (4.3) Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through <= 2.13.2. Published: 2025-01-02T12:00:44.450Z Updated: 2026-04-28T16:09:57.383Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/newspack-newsletters/vulnerability/wordpress-newspack-newsletters-plugin-2-13-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37115`	vulnerable	2026-06-03 14:56:05.814002	WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability HIGH (7.5) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-07-10T17:55:13.389Z Updated: 2026-04-28T16:09:56.326Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.