CVE-2024-37474

Name of the Vulnerable Software and Affected Versions Newspack Ads versions 1.47.1 and earlier

Description A Cross Site Scripting (XSS) issue, specifically a Stored XSS vulnerability, has been identified in Automattic Newspack Ads. This allows for malicious scripts to be stored on the server and executed when a user accesses the affected page.

Recommendations For versions 1.47.1 and earlier, update to a version later than 1.47.1 to resolve the issue. As a temporary workaround, consider restricting access to the affected Newspack Ads module to minimize the risk of exploitation.