CVE-2024-37476

Name of the Vulnerable Software and Affected Versions Newspack Campaigns versions 2.31.1 and earlier

Description The issue is a Cross Site Scripting (XSS) vulnerability, specifically a Stored XSS, in Automattic Newspack Campaigns. This allows for malicious scripts to be stored on the server and executed when a user accesses the affected page.

Recommendations For versions 2.31.1 and earlier, update to a version later than 2.31.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.