Automattic Newspack
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Automattic Newspack.
By the Year
In 2026 there have been 0 vulnerabilities in Automattic Newspack. Last year, in 2025 Newspack had 1 security vulnerability published. Right now, Newspack is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 2 | 5.40 |
It may take a day or so for new Newspack vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Automattic Newspack Security Vulnerabilities
CVE-2024-37242: Newspack Newsletters CSRF Vulnerability before 2.13.3
CVE-2024-37242
- January 02, 2025
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters newspack-newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through <= 2.13.2.
Session Riding
Newspack Ads Stored XSS (v1.47.1)
CVE-2024-37474
5.4 - Medium
- July 04, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1.
XSS
Automattic Newspack Campaigns: Stored XSS Vulnerability before 2.31.1
CVE-2024-37476
5.4 - Medium
- July 04, 2024
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Automattic Newspack or by Automattic? Click the Watch button to subscribe.
