This vulnerability (CVE-2024-37098) is classified as CWE-918 SSRF in the BlossomThemes Email Newsletter plugin by Blossom Themes, affecting versions through 2.2.6. SSRF vulnerabilities enable attackers to make the server perform unauthorized requests, potentially accessing internal resources or services. The CVSS vector indicates that exploitation requires network access, high attack complexity, and high privileges, with no user interaction needed. The impact is limited to partial confidentiality and integrity loss without affecting availability. No patch or official remediation level has been provided by the vendor or authoritative sources as of the published date.

An attacker with high privileges on the affected system could exploit this SSRF vulnerability to cause the server to send crafted requests to internal or external systems, potentially leading to limited confidentiality and integrity impacts. There is no indication of availability impact or widespread exploitation in the wild. The medium CVSS score reflects these limited impacts and the required conditions for exploitation.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is currently available, users should monitor Blossom Themes advisories for updates. Until a patch is released, restricting high-privilege access and limiting network exposure of the affected plugin may reduce risk.