This vulnerability (CVE-2024-37475) in Automattic Newspack Newsletters is classified as CWE-862 (Missing Authorization). It allows unauthorized users to access certain functionality due to insufficient access control enforcement. The affected versions include all versions up to 2.13.2. The CVSS 3.1 base score is 5.3 (medium), with vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and limited confidentiality impact. No patch or official fix has been documented in the provided data.

The impact is limited to unauthorized access to certain functionality within Newspack Newsletters, potentially leading to limited confidentiality loss. There is no reported impact on integrity or availability. No known active exploitation has been observed. The medium severity reflects the potential for unauthorized information access but not system compromise or data alteration.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or patch is documented, users should monitor Automattic's advisories for updates. Until a patch is available, restricting access to the affected functionality through existing access controls or network-level restrictions may reduce risk.