CVE-2024-37115: 
WordPress vulnerability analysis and mitigation

A sensitive data exposure vulnerability was identified in Automattic Newspack Blocks, affecting versions through 3.0.8. The vulnerability was discovered by Rafie Muhammad and was publicly disclosed on June 20, 2024. This security issue allows unauthorized actors to access sensitive information that should normally be restricted (Patchstack).

The vulnerability has been assigned CVE-2024-37115 and received a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The technical assessment indicates that the vulnerability requires no authentication and can be exploited remotely with low attack complexity (Patchstack).

This vulnerability is considered highly dangerous and is expected to become mass exploited. It allows malicious actors to view sensitive information that is normally not accessible to regular users, which could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

The vulnerability has been patched in version 3.0.9 of the Newspack Blocks plugin. Users are strongly advised to update to version 3.0.9 or later immediately. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking potential attacks until the update can be applied (Patchstack).