GCVE - cpe:2.3:a:automattic:newspack_blocks:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:newspack_blocks:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Newspack Blocks (`59b00836-c61f-5299-9e1c-e6af35328797`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-37425`	vulnerable	2026-06-03 14:56:06.605402	WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability MEDIUM (5.4) Missing Authorization vulnerability in Automattic Newspack Blocks newspack-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-11-01T14:18:24.252Z Updated: 2026-04-28T16:09:58.608Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37424`	vulnerable	2026-06-03 14:56:06.605026	WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability CRITICAL (9.9) Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Newspack Blocks allows Upload a Web Shell to a Web Server.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-07-09T10:21:07.800Z Updated: 2026-04-28T16:09:58.627Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-arbitrary-file-upload-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37423`	vulnerable	2026-06-03 14:56:06.604553	WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability HIGH (8.5) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic Newspack Blocks allows Path Traversal.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-11-01T14:18:24.871Z Updated: 2026-04-28T16:09:58.502Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-contributor-arbitrary-directory-deletion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-37115`	vulnerable	2026-06-03 14:56:05.815046	WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability HIGH (7.5) Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8. Published: 2024-07-10T17:55:13.389Z Updated: 2026-04-28T16:09:56.326Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/newspack-blocks/wordpress-newspack-blocks-plugin-3-0-8-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.