{"id":"CVE-2024-43968","details":"Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6.","modified":"2026-04-10T05:21:54.193590Z","published":"2024-11-01T15:15:50.347Z","references":[{"type":"ADVISORY","url":"https://patchstack.com/database/vulnerability/newspack-plugin/wordpress-newspack-plugin-3-8-7-broken-access-control-vulnerability?_s_id=cve"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/automattic/newspack-plugin","events":[{"introduced":"0"},{"fixed":"b683f3ae0562d01eb17fdfb61fe455e82f997eb5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.8.7"}]}}],"versions":["1.0.0-alpha.1","1.0.0-alpha.10","1.0.0-alpha.11","1.0.0-alpha.12","1.0.0-alpha.13","1.0.0-alpha.14","1.0.0-alpha.15","1.0.0-alpha.16","1.0.0-alpha.17","1.0.0-alpha.18","1.0.0-alpha.19","1.0.0-alpha.2","1.0.0-alpha.3","1.0.0-alpha.4","1.0.0-alpha.5","1.0.0-alpha.6","1.0.0-alpha.7","1.0.0-alpha.8","1.0.0-alpha.9","v1.0.0","v1.1.0","v1.10.0","v1.100.0","v1.100.1","v1.100.2","v1.101.0","v1.102.0","v1.103.0","v1.104.0","v1.104.1","v1.105.0","v1.105.1","v1.106.0","v1.107.0","v1.107.1","v1.108.0","v1.109.0","v1.11.0","v1.110.0","v1.111.0","v1.111.1","v1.112.0","v1.112.1","v1.113.0","v1.113.1","v1.114.0","v1.114.1","v1.114.2","v1.114.3","v1.114.4","v1.114.5","v1.115.0","v1.115.1","v1.116.0","v1.116.1","v1.117.0","v1.12.0","v1.12.1","v1.13.0","v1.14.0","v1.14.1","v1.14.2","v1.15.0","v1.16.0","v1.16.1","v1.16.2","v1.17.0","v1.18.0","v1.19.0","v1.2.0","v1.2.1","v1.20.0","v1.21.0","v1.21.1","v1.22.0","v1.23.0","v1.24.0","v1.25.0","v1.26.0","v1.27.0","v1.28.0","v1.29.0","v1.3.0","v1.30.0","v1.30.1","v1.31.0","v1.32.0","v1.33.0","v1.33.1","v1.33.2","v1.34.0","v1.34.1","v1.35.0","v1.36.0","v1.37.0","v1.38.0","v1.38.1","v1.39.0","v1.4.0","v1.40.0","v1.41.0","v1.42.0","v1.43.0","v1.44.0","v1.45.0","v1.46.0","v1.46.1","v1.47.0","v1.48.0","v1.48.1","v1.49.0","v1.5.0","v1.50.0","v1.50.1","v1.51.0","v1.51.1","v1.52.0","v1.53.0","v1.54.0","v1.55.0","v1.56.0","v1.56.1","v1.57.0","v1.58.0","v1.59.0","v1.6.0","v1.60.0","v1.61.0","v1.62.0","v1.63.0","v1.64.0","v1.65.0","v1.66.0","v1.67.0","v1.67.1","v1.68.0","v1.69.0","v1.7.0","v1.70.0","v1.71.0","v1.72.0","v1.72.1","v1.73.0","v1.74.0","v1.75.0","v1.75.1","v1.75.2","v1.76.0","v1.77.0","v1.77.1","v1.77.2","v1.77.3","v1.78.0","v1.79.0","v1.79.1","v1.8.0","v1.80.0","v1.80.1","v1.81.0","v1.82.0","v1.82.1","v1.82.2","v1.83.0","v1.83.1","v1.83.2","v1.83.3","v1.84.0","v1.84.1","v1.85.0","v1.85.1","v1.85.2","v1.86.0","v1.87.0","v1.88.0","v1.89.0","v1.89.1","v1.9.0","v1.90.0","v1.91.0","v1.91.1","v1.91.2","v1.92.0","v1.92.1","v1.93.0","v1.93.1","v1.93.2","v1.94.0","v1.95.0","v1.95.1","v1.95.2","v1.95.3","v1.95.4","v1.96.0","v1.97.0","v1.97.1","v1.97.2","v1.97.3","v1.98.0","v1.99.0","v1.99.1","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.10.0","v2.10.1","v2.10.2","v2.10.3","v2.11.0","v2.11.1","v2.11.2","v2.11.3","v2.11.4","v2.11.5","v2.11.6","v2.12.0","v2.12.1","v2.12.2","v2.13.0","v2.14.0","v2.14.1","v2.15.0","v2.16.0","v2.16.1","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.3.0","v2.4.0","v2.5.0","v2.5.1","v2.6.0","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.7.0","v2.7.1","v2.7.2","v2.7.3","v2.7.4","v2.7.5","v2.8.0","v2.8.1","v2.8.2","v2.8.3","v2.9.0","v2.9.1","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.1.0","v3.1.1","v3.1.2","v3.2.0","v3.2.1","v3.3.0","v3.3.1","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.4.0","v3.5.0","v3.5.1","v3.5.2","v3.5.3","v3.5.4","v3.6.0","v3.6.1","v3.6.10","v3.6.11","v3.6.12","v3.6.13","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.6.7","v3.6.8","v3.6.9","v3.7.0","v3.8.0","v3.8.1","v3.8.2","v3.8.3","v3.8.4","v3.8.5","v3.8.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43968.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}