Search criteria

40 vulnerabilities found for jetpack by automattic

FKIE_CVE-2024-10076

Vulnerability from fkie_nvd - Published: 2025-05-15 20:15 - Updated: 2025-06-04 16:50
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Summary
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
References
contact@wpscan.comhttps://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
automattic jetpack_boost *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "839BA77A-695D-4677-8FF2-39B566D5421D",
              "versionEndExcluding": "13.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack_boost:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "7A7C8F9C-07EE-4F1D-99AE-A782F8FDCA67",
              "versionEndExcluding": "3.4.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack  WordPress plugin before 13.8, Jetpack Boost  WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn\u2019t, ultimately making it possible for contributor and above users to perform Stored XSS attacks"
    },
    {
      "lang": "es",
      "value": "Los complementos Jetpack para WordPress anteriores a la versi\u00f3n 13.8 y Jetpack Boost para WordPress anteriores a la 3.4.8 utilizan expresiones regulares en las funciones del Acelerador de Sitios al cambiar las URL de las im\u00e1genes a su equivalente en la CDN. Desafortunadamente, algunas de ellas pueden coincidir con patrones que no deber\u00edan, lo que permite a los usuarios colaboradores y superiores realizar ataques XSS almacenado."
    }
  ],
  "id": "CVE-2024-10076",
  "lastModified": "2025-06-04T16:50:53.673",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 3.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-15T20:15:32.533",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-10075

Vulnerability from fkie_nvd - Published: 2025-05-15 20:15 - Updated: 2025-06-04 16:49
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
References
contact@wpscan.comhttps://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "839BA77A-695D-4677-8FF2-39B566D5421D",
              "versionEndExcluding": "13.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack  WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block."
    },
    {
      "lang": "es",
      "value": "El complemento Jetpack para WordPress anterior a la versi\u00f3n 13.8 no garantiza que la publicaci\u00f3n creada por el formulario de contacto solo sea accesible para usuarios autorizados, lo que podr\u00eda permitir que usuarios no autenticados ejecuten c\u00f3digos cortos arbitrarios y los bloqueen."
    }
  ],
  "id": "CVE-2024-10075",
  "lastModified": "2025-06-04T16:49:41.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-15T20:15:32.450",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-10858

Vulnerability from fkie_nvd - Published: 2024-12-25 06:15 - Updated: 2025-05-14 15:05
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
References
contact@wpscan.comhttps://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "81E4C737-8315-4F4E-82A1-42E59B24589C",
              "versionEndExcluding": "14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack  WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com."
    },
    {
      "lang": "es",
      "value": "El complemento Jetpack WordPress anterior a 14.1 no verifica adecuadamente el origen del mensaje posterior en sus versiones 13.x, lo que permite omitirlo y conducir a DOM-XSS. El problema s\u00f3lo afecta a los sitios web alojados en WordPress.com."
    }
  ],
  "id": "CVE-2024-10858",
  "lastModified": "2025-05-14T15:05:27.950",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-12-25T06:15:23.407",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2024-9926

Vulnerability from fkie_nvd - Published: 2024-11-07 15:15 - Updated: 2025-05-28 20:51
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
References
contact@wpscan.comhttps://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
automattic jetpack *
automattic jetpack *
automattic jetpack *
automattic jetpack *
automattic jetpack 13.0
automattic jetpack 13.5
automattic jetpack 13.6
automattic jetpack 13.7
automattic jetpack 13.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "52C880A8-10D6-465C-BBE4-A16E616C8265",
              "versionEndExcluding": "13.1.4",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FCFCEFF3-DA25-44C4-9146-79E80F032119",
              "versionEndExcluding": "13.2.3",
              "versionStartIncluding": "13.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FBAB98F8-28E4-4734-99BC-409FB23A2C29",
              "versionEndExcluding": "13.3.2",
              "versionStartIncluding": "13.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6721DC26-A954-4946-80E3-D258756C30FE",
              "versionEndExcluding": "13.4.4",
              "versionStartIncluding": "13.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "286CD858-41BC-4B3B-B438-197FF083DC26",
              "versionEndExcluding": "13.8.2",
              "versionStartIncluding": "13.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:13.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "192B904F-72CC-47F4-90DE-809F4B7C5210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:13.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "36B9ED36-0F34-4CC3-A094-C75D205F293D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:13.6:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "35BDF8B0-6721-4EC5-95D9-1B4B705CBD59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:13.7:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4997D8BF-600C-432B-9669-86C887EF3A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:13.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "48FF3595-22A6-43F3-869F-21A539307C29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form"
    },
    {
      "lang": "es",
      "value": "El complemento Jetpack WordPress no tiene la autorizaci\u00f3n adecuada en uno de sus endpoints REST, lo que permite que cualquier usuario autenticado, como un suscriptor, lea datos de comentarios arbitrarios enviados a trav\u00e9s del formulario de contacto de Jetpack."
    }
  ],
  "id": "CVE-2024-9926",
  "lastModified": "2025-05-28T20:51:40.900",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-11-07T15:15:05.860",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-45050

Vulnerability from fkie_nvd - Published: 2023-11-30 12:15 - Updated: 2024-11-21 08:26
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
References
audit@patchstack.comhttps://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cveExploit, Patch, Third Party Advisory
audit@patchstack.comhttps://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cveThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cveExploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cveThird Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D4246632-1582-466E-8D29-A4D20AD2276D",
              "versionEndIncluding": "12.8-a.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth allows Stored XSS.This issue affects Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth: from n/a through 12.8-a.1.\n\n"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\u0027Cross-site Scripting\u0027) en Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth permite almacenar XSS. Este problema afecta a Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth: desde n/a hasta 12.8-a.1."
    }
  ],
  "id": "CVE-2023-45050",
  "lastModified": "2024-11-21T08:26:17.260",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 3.7,
        "source": "audit@patchstack.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-30T12:15:07.983",
  "references": [
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
    }
  ],
  "sourceIdentifier": "audit@patchstack.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "audit@patchstack.com",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-2996

Vulnerability from fkie_nvd - Published: 2023-06-27 14:15 - Updated: 2024-11-21 07:59
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
References
contact@wpscan.comhttps://jetpack.com/blog/jetpack-12-1-1-critical-security-update/Vendor Advisory
contact@wpscan.comhttps://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663Exploit, Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F5E11109-F3B9-4201-9C0B-94D8FDD0ECE4",
              "versionEndExcluding": "12.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization."
    }
  ],
  "id": "CVE-2023-2996",
  "lastModified": "2024-11-21T07:59:43.287",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-27T14:15:11.723",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified"
}

FKIE_CVE-2021-24374

Vulnerability from fkie_nvd - Published: 2021-06-21 20:15 - Updated: 2024-11-21 05:52
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
References
contact@wpscan.comhttps://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/Release Notes, Vendor Advisory
contact@wpscan.comhttps://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33Exploit, Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6199FB8F-ED94-4CFA-B6C6-614DBF7F4C9C",
              "versionEndExcluding": "9.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a \"carousel\" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo Jetpack Carousel del plugin JetPack de WordPress versiones anteriores a 9.8, permite a usuarios crear una galer\u00eda de im\u00e1genes de tipo \"carousel\" y permite a usuarios comentar las im\u00e1genes. Se encontr\u00f3 una vulnerabilidad de seguridad en el m\u00f3dulo Jetpack Carousel por la funci\u00f3n nguyenhg_vcs que permit\u00eda filtrar los comentarios de las p\u00e1ginas/posts no publicados"
    }
  ],
  "id": "CVE-2021-24374",
  "lastModified": "2024-11-21T05:52:56.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-21T20:15:08.977",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2015-9359

Vulnerability from fkie_nvd - Published: 2019-08-28 15:15 - Updated: 2024-11-21 02:40
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
References
cve@mitre.orghttps://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.htmlThird Party Advisory
cve@mitre.orghttps://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/Vendor Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "0997D15F-6CD7-42AF-AF0E-F43F4A1DDF68",
              "versionEndExcluding": "3.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()."
    },
    {
      "lang": "es",
      "value": "El plugin Jetpack anterior a 3.4.3 para WordPress tiene una vulnerabilidad  XSS a trav\u00e9s de add_query_arg () y remove_query_arg ()."
    }
  ],
  "id": "CVE-2015-9359",
  "lastModified": "2024-11-21T02:40:26.377",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-28T15:15:10.803",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-10705

Vulnerability from fkie_nvd - Published: 2018-01-12 19:29 - Updated: 2024-11-21 02:44
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
References
cve@mitre.orghttps://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/Third Party Advisory
cve@mitre.orghttps://wpvulndb.com/vulnerabilities/8517Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wpvulndb.com/vulnerabilities/8517Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "41A172D6-0F08-474B-B418-78D06971A48D",
              "versionEndIncluding": "4.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module."
    },
    {
      "lang": "es",
      "value": "El plugin Jetpack en versiones anteriores a la 4.0.4 para WordPress tiene XSS mediante el m\u00f3dulo Likes."
    }
  ],
  "id": "CVE-2016-10705",
  "lastModified": "2024-11-21T02:44:33.157",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-12T19:29:00.207",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/8517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jetpack.com/2016/06/20/jetpack-4-0-4-bug-fixes/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpvulndb.com/vulnerabilities/8517"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-10706

Vulnerability from fkie_nvd - Published: 2018-01-12 19:29 - Updated: 2024-11-21 02:44
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
References
cve@mitre.orghttps://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/Third Party Advisory
cve@mitre.orghttps://www.wordfence.com/blog/2016/05/jetpack-vulnerability/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/Third Party Advisory
Impacted products
Vendor Product Version
automattic jetpack *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "CA664F2E-97D9-4F27-85E1-83C9FDFF0B51",
              "versionEndExcluding": "4.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link."
    },
    {
      "lang": "es",
      "value": "El plugin Jetpack en versiones anteriores a la 4.0.3 para WordPress tiene XSS mediante un enlace Vimeo manipulado."
    }
  ],
  "id": "CVE-2016-10706",
  "lastModified": "2024-11-21T02:44:33.303",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-12T19:29:00.257",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/blog/2016/05/jetpack-vulnerability/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-10076 (GCVE-0-2024-10076)

Vulnerability from cvelistv5 – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:03
VLAI?
Summary
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CWE
Assigner
References
https://wpscan.com/vulnerability/15f278f6-0418-4c… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 0 , < 13.8 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T15:47:11.845919Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T16:03:22.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack Boost",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.4.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 13.8, Jetpack Boost  WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn\u2019t, ultimately making it possible for contributor and above users to perform Stored XSS attacks"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T20:06:40.424Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.8, Boost \u003c 3.4.8 - Contributor+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10076",
    "datePublished": "2025-05-15T20:06:40.424Z",
    "dateReserved": "2024-10-17T09:02:05.021Z",
    "dateUpdated": "2025-05-20T16:03:22.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10075 (GCVE-0-2024-10075)

Vulnerability from cvelistv5 – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:10
VLAI?
Summary
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
Severity ?
5.6 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
Assigner
References
https://wpscan.com/vulnerability/a984976c-291a-4f… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 0 , < 13.8 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10075",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T16:08:22.976995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T16:10:57.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T20:06:40.225Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.8 - Unauthenticated Arbitrary Block \u0026 Shortcode Execution",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10075",
    "datePublished": "2025-05-15T20:06:40.225Z",
    "dateReserved": "2024-10-17T08:50:53.381Z",
    "dateUpdated": "2025-05-20T16:10:57.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10858 (GCVE-0-2024-10858)

Vulnerability from cvelistv5 – Published: 2024-12-25 06:00 – Updated: 2024-12-26 19:53
VLAI?
Summary
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
Assigner
References
https://wpscan.com/vulnerability/7fecba37-d718-4d… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 13.0 , < 14.1 (semver)
Create a notification for this product.
Credits
Eldar (hakupiku) WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10858",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-26T19:52:57.866186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-26T19:53:41.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eldar (hakupiku)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-25T06:00:02.663Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack 13.0-14.0 - Unauthenticated DOM-XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10858",
    "datePublished": "2024-12-25T06:00:02.663Z",
    "dateReserved": "2024-11-05T13:26:58.545Z",
    "dateUpdated": "2024-12-26T19:53:41.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9926 (GCVE-0-2024-9926)

Vulnerability from cvelistv5 – Published: 2024-11-07 15:02 – Updated: 2024-11-07 19:53
VLAI?
Summary
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
https://wpscan.com/vulnerability/669382af-f836-48… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 13.9 , < 13.9.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.8 , < 13.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.7 , < 13.7.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.6 , < 13.6.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.5 , < 13.5.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.4 , < 13.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.3 , < 13.3.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.2 , < 13.2.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.1 , < 13.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.0 , < 13.0.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.9 , < 12.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.8 , < 12.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.7 , < 12.7.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.6 , < 12.6.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.5 , < 12.5.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.4 , < 12.4.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.3 , < 12.3.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.2 , < 12.2.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.1 , < 12.1.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.0 , < 12.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.9 , < 11.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.8 , < 11.8.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.7 , < 11.7.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.6 , < 11.6.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.5 , < 11.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.4 , < 11.4.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.3 , < 11.3.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.2 , < 11.2.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.1 , < 11.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.0 , < 11.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.9 , < 10.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.8 , < 10.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.7 , < 10.7.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.6 , < 10.6.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.5 , < 10.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.4 , < 10.4.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.3 , < 10.3.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.2 , < 10.2.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.1 , < 10.1.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.0 , < 10.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.9 , < 9.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.8 , < 9.8.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.7 , < 9.7.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.6 , < 9.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.5 , < 9.5.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.4 , < 9.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.3 , < 9.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.2 , < 9.2.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.1 , < 9.1.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.0 , < 9.0.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.9 , < 8.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.8 , < 8.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.7 , < 8.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.6 , < 8.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.5 , < 8.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.4 , < 8.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.3 , < 8.3.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.2 , < 8.2.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.1 , < 8.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.0 , < 8.0.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.9 , < 7.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.8 , < 7.8.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.7 , < 7.7.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.6 , < 7.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.5 , < 7.5.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.4 , < 7.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.3 , < 7.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.2 , < 7.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.1 , < 7.1.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.0 , < 7.0.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.9 , < 6.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.8 , < 6.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.7 , < 6.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.6 , < 6.6.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.5 , < 6.5.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.4 , < 6.4.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.3 , < 6.3.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.2 , < 6.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.1 , < 6.1.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.0 , < 6.0.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.9 , < 5.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.8 , < 5.8.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.7 , < 5.7.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.6 , < 5.6.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.5 , < 5.5.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.4 , < 5.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.3 , < 5.3.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.2 , < 5.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.1 , < 5.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.0 , < 5.0.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.9 , < 4.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.8 , < 4.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.7 , < 4.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.6 , < 4.6.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.5 , < 4.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.4 , < 4.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.3 , < 4.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.2 , < 4.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.1.0 , < 4.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.0.0 , < 4.0.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 3.9.2 , < 3.9.10 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "lessThan": "13.9.1",
                "status": "affected",
                "version": "13.9",
                "versionType": "semver"
              },
              {
                "lessThan": "13.8.2",
                "status": "affected",
                "version": "13.8",
                "versionType": "semver"
              },
              {
                "lessThan": "13.7.1",
                "status": "affected",
                "version": "13.7",
                "versionType": "semver"
              },
              {
                "lessThan": "13.6.1",
                "status": "affected",
                "version": "13.6",
                "versionType": "semver"
              },
              {
                "lessThan": "13.5.1",
                "status": "affected",
                "version": "13.5",
                "versionType": "semver"
              },
              {
                "lessThan": "13.4.4",
                "status": "affected",
                "version": "13.4",
                "versionType": "semver"
              },
              {
                "lessThan": "13.3.2",
                "status": "affected",
                "version": "13.3",
                "versionType": "semver"
              },
              {
                "lessThan": "13.2.3",
                "status": "affected",
                "version": "13.2",
                "versionType": "semver"
              },
              {
                "lessThan": "13.1.4",
                "status": "affected",
                "version": "13.1",
                "versionType": "semver"
              },
              {
                "lessThan": "13.0.1",
                "status": "affected",
                "version": "13.0",
                "versionType": "semver"
              },
              {
                "lessThan": "12.9.4",
                "status": "affected",
                "version": "12.9",
                "versionType": "semver"
              },
              {
                "lessThan": "12.8.2",
                "status": "affected",
                "version": "12.8",
                "versionType": "semver"
              },
              {
                "lessThan": "12.7.2",
                "status": "affected",
                "version": "12.7",
                "versionType": "semver"
              },
              {
                "lessThan": "12.6.3",
                "status": "affected",
                "version": "12.6",
                "versionType": "semver"
              },
              {
                "lessThan": "12.5.1",
                "status": "affected",
                "version": "12.5",
                "versionType": "semver"
              },
              {
                "lessThan": "12.4.1",
                "status": "affected",
                "version": "12.4",
                "versionType": "semver"
              },
              {
                "lessThan": "12.3.1",
                "status": "affected",
                "version": "12.3",
                "versionType": "semver"
              },
              {
                "lessThan": "12.2.2",
                "status": "affected",
                "version": "12.2",
                "versionType": "semver"
              },
              {
                "lessThan": "12.1.2",
                "status": "affected",
                "version": "12.1",
                "versionType": "semver"
              },
              {
                "lessThan": "12.0.2",
                "status": "affected",
                "version": "12.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.3",
                "status": "affected",
                "version": "11.9",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.6",
                "status": "affected",
                "version": "11.8",
                "versionType": "semver"
              },
              {
                "lessThan": "11.7.3",
                "status": "affected",
                "version": "11.7",
                "versionType": "semver"
              },
              {
                "lessThan": "11.6.2",
                "status": "affected",
                "version": "11.6",
                "versionType": "semver"
              },
              {
                "lessThan": "11.5.3",
                "status": "affected",
                "version": "11.5",
                "versionType": "semver"
              },
              {
                "lessThan": "11.4.2",
                "status": "affected",
                "version": "11.4",
                "versionType": "semver"
              },
              {
                "lessThan": "11.3.4",
                "status": "affected",
                "version": "11.3",
                "versionType": "semver"
              },
              {
                "lessThan": "11.2.2",
                "status": "affected",
                "version": "11.2",
                "versionType": "semver"
              },
              {
                "lessThan": "11.1.4",
                "status": "affected",
                "version": "11.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.0.2",
                "status": "affected",
                "version": "11.0",
                "versionType": "semver"
              },
              {
                "lessThan": "10.9.3",
                "status": "affected",
                "version": "10.9",
                "versionType": "semver"
              },
              {
                "lessThan": "10.8.2",
                "status": "affected",
                "version": "10.8",
                "versionType": "semver"
              },
              {
                "lessThan": "10.7.2",
                "status": "affected",
                "version": "10.7",
                "versionType": "semver"
              },
              {
                "lessThan": "10.6.2",
                "status": "affected",
                "version": "10.6",
                "versionType": "semver"
              },
              {
                "lessThan": "10.5.3",
                "status": "affected",
                "version": "10.5",
                "versionType": "semver"
              },
              {
                "lessThan": "10.4.2",
                "status": "affected",
                "version": "10.4",
                "versionType": "semver"
              },
              {
                "lessThan": "10.3.2",
                "status": "affected",
                "version": "10.3",
                "versionType": "semver"
              },
              {
                "lessThan": "10.2.3",
                "status": "affected",
                "version": "10.2",
                "versionType": "semver"
              },
              {
                "lessThan": "10.1.2",
                "status": "affected",
                "version": "10.1",
                "versionType": "semver"
              },
              {
                "lessThan": "10.0.2",
                "status": "affected",
                "version": "10.0",
                "versionType": "semver"
              },
              {
                "lessThan": "9.9.3",
                "status": "affected",
                "version": "9.9",
                "versionType": "semver"
              },
              {
                "lessThan": "9.8.3",
                "status": "affected",
                "version": "9.8",
                "versionType": "semver"
              },
              {
                "lessThan": "9.7.3",
                "status": "affected",
                "version": "9.7",
                "versionType": "semver"
              },
              {
                "lessThan": "9.6.4",
                "status": "affected",
                "version": "9.6",
                "versionType": "semver"
              },
              {
                "lessThan": "9.5.5",
                "status": "affected",
                "version": "9.5",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "9.4.4",
                "status": "affected",
                "version": "9.4",
                "versionType": "semver"
              },
              {
                "lessThan": "9.3.5",
                "status": "affected",
                "version": "9.3",
                "versionType": "semver"
              },
              {
                "lessThan": "9.2.4",
                "status": "affected",
                "version": "9.2",
                "versionType": "semver"
              },
              {
                "lessThan": "9.1.3",
                "status": "affected",
                "version": "9.1",
                "versionType": "semver"
              },
              {
                "lessThan": "9.0.5",
                "status": "affected",
                "version": "9.0",
                "versionType": "semver"
              },
              {
                "lessThan": "8.9.4",
                "status": "affected",
                "version": "8.9",
                "versionType": "semver"
              },
              {
                "lessThan": "8.8.5",
                "status": "affected",
                "version": "8.8",
                "versionType": "semver"
              },
              {
                "lessThan": "8.7.4",
                "status": "affected",
                "version": "8.7",
                "versionType": "semver"
              },
              {
                "lessThan": "8.6.4",
                "status": "affected",
                "version": "8.6",
                "versionType": "semver"
              },
              {
                "lessThan": "8.5.3",
                "status": "affected",
                "version": "8.5",
                "versionType": "semver"
              },
              {
                "lessThan": "8.4.5",
                "status": "affected",
                "version": "8.4",
                "versionType": "semver"
              },
              {
                "lessThan": "8.3.3",
                "status": "affected",
                "version": "8.3",
                "versionType": "semver"
              },
              {
                "lessThan": "8.2.6",
                "status": "affected",
                "version": "8.2",
                "versionType": "semver"
              },
              {
                "lessThan": "8.1.4",
                "status": "affected",
                "version": "8.1",
                "versionType": "semver"
              },
              {
                "lessThan": "8.0.3",
                "status": "affected",
                "version": "8.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.9.4",
                "status": "affected",
                "version": "7.9",
                "versionType": "semver"
              },
              {
                "lessThan": "7.8.4",
                "status": "affected",
                "version": "7.8",
                "versionType": "semver"
              },
              {
                "lessThan": "7.7.6",
                "status": "affected",
                "version": "7.7",
                "versionType": "semver"
              },
              {
                "lessThan": "7.6.4",
                "status": "affected",
                "version": "7.6",
                "versionType": "semver"
              },
              {
                "lessThan": "7.5.7",
                "status": "affected",
                "version": "7.5",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.5",
                "status": "affected",
                "version": "7.4",
                "versionType": "semver"
              },
              {
                "lessThan": "7.3.5",
                "status": "affected",
                "version": "7.3",
                "versionType": "semver"
              },
              {
                "lessThan": "7.2.5",
                "status": "affected",
                "version": "7.2",
                "versionType": "semver"
              },
              {
                "lessThan": "7.1.5",
                "status": "affected",
                "version": "7.1",
                "versionType": "semver"
              },
              {
                "lessThan": "7.0.5",
                "status": "affected",
                "version": "7.0",
                "versionType": "semver"
              },
              {
                "lessThan": "6.9.4",
                "status": "affected",
                "version": "6.9",
                "versionType": "semver"
              },
              {
                "lessThan": "6.8.5",
                "status": "affected",
                "version": "6.8",
                "versionType": "semver"
              },
              {
                "lessThan": "6.7.4",
                "status": "affected",
                "version": "6.7",
                "versionType": "semver"
              },
              {
                "lessThan": "6.6.5",
                "status": "affected",
                "version": "6.6",
                "versionType": "semver"
              },
              {
                "lessThan": "6.5.4",
                "status": "affected",
                "version": "6.5",
                "versionType": "semver"
              },
              {
                "lessThan": "6.4.6",
                "status": "affected",
                "version": "6.4",
                "versionType": "semver"
              },
              {
                "lessThan": "6.3.7",
                "status": "affected",
                "version": "6.3",
                "versionType": "semver"
              },
              {
                "lessThan": "6.2.5",
                "status": "affected",
                "version": "6.2",
                "versionType": "semver"
              },
              {
                "lessThan": "6.1.5",
                "status": "affected",
                "version": "6.1",
                "versionType": "semver"
              },
              {
                "lessThan": "6.0.4",
                "status": "affected",
                "version": "6.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.9.4",
                "status": "affected",
                "version": "5.9",
                "versionType": "semver"
              },
              {
                "lessThan": "5.8.4",
                "status": "affected",
                "version": "5.8",
                "versionType": "semver"
              },
              {
                "lessThan": "5.7.5",
                "status": "affected",
                "version": "5.7",
                "versionType": "semver"
              },
              {
                "lessThan": "5.6.5",
                "status": "affected",
                "version": "5.6",
                "versionType": "semver"
              },
              {
                "lessThan": "5.5.5",
                "status": "affected",
                "version": "5.5",
                "versionType": "semver"
              },
              {
                "lessThan": "5.4.4",
                "status": "affected",
                "version": "5.4",
                "versionType": "semver"
              },
              {
                "lessThan": "5.3.4",
                "status": "affected",
                "version": "5.3",
                "versionType": "semver"
              },
              {
                "lessThan": "5.2.5",
                "status": "affected",
                "version": "5.2",
                "versionType": "semver"
              },
              {
                "lessThan": "5.1.4",
                "status": "affected",
                "version": "5.1",
                "versionType": "semver"
              },
              {
                "lessThan": "5.0.3",
                "status": "affected",
                "version": "5.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.9.3",
                "status": "affected",
                "version": "4.9",
                "versionType": "semver"
              },
              {
                "lessThan": "4.8.5",
                "status": "affected",
                "version": "4.8",
                "versionType": "semver"
              },
              {
                "lessThan": "4.7.4",
                "status": "affected",
                "version": "4.7",
                "versionType": "semver"
              },
              {
                "lessThan": "4.6.3",
                "status": "affected",
                "version": "4.6",
                "versionType": "semver"
              },
              {
                "lessThan": "4.5.3",
                "status": "affected",
                "version": "4.5",
                "versionType": "semver"
              },
              {
                "lessThan": "4.4.5",
                "status": "affected",
                "version": "4.4",
                "versionType": "semver"
              },
              {
                "lessThan": "4.3.5",
                "status": "affected",
                "version": "4.3",
                "versionType": "semver"
              },
              {
                "lessThan": "4.2.5",
                "status": "affected",
                "version": "4.2",
                "versionType": "semver"
              },
              {
                "lessThan": "4.1.4",
                "status": "affected",
                "version": "4.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.0.7",
                "status": "affected",
                "version": "4.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.9.10",
                "status": "affected",
                "version": "3.9.2",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-9926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T18:35:48.550122Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T19:53:07.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.9.1",
              "status": "affected",
              "version": "13.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8.2",
              "status": "affected",
              "version": "13.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "13.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.6.1",
              "status": "affected",
              "version": "13.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.5.1",
              "status": "affected",
              "version": "13.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.4.4",
              "status": "affected",
              "version": "13.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.3.2",
              "status": "affected",
              "version": "13.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.2.3",
              "status": "affected",
              "version": "13.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.1.4",
              "status": "affected",
              "version": "13.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.0.1",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.9.4",
              "status": "affected",
              "version": "12.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.8.2",
              "status": "affected",
              "version": "12.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.7.2",
              "status": "affected",
              "version": "12.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.6.3",
              "status": "affected",
              "version": "12.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.5.1",
              "status": "affected",
              "version": "12.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.4.1",
              "status": "affected",
              "version": "12.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.3.1",
              "status": "affected",
              "version": "12.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.2.2",
              "status": "affected",
              "version": "12.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.1.2",
              "status": "affected",
              "version": "12.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.0.2",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.9.3",
              "status": "affected",
              "version": "11.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.8.6",
              "status": "affected",
              "version": "11.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.7.3",
              "status": "affected",
              "version": "11.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.6.2",
              "status": "affected",
              "version": "11.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.5.3",
              "status": "affected",
              "version": "11.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.4.2",
              "status": "affected",
              "version": "11.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.3.4",
              "status": "affected",
              "version": "11.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.2.2",
              "status": "affected",
              "version": "11.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.1.4",
              "status": "affected",
              "version": "11.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.0.2",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.9.3",
              "status": "affected",
              "version": "10.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.8.2",
              "status": "affected",
              "version": "10.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.7.2",
              "status": "affected",
              "version": "10.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "10.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.5.3",
              "status": "affected",
              "version": "10.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.4.2",
              "status": "affected",
              "version": "10.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.3.2",
              "status": "affected",
              "version": "10.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.2.3",
              "status": "affected",
              "version": "10.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.1.2",
              "status": "affected",
              "version": "10.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.9.3",
              "status": "affected",
              "version": "9.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.8.3",
              "status": "affected",
              "version": "9.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.7.3",
              "status": "affected",
              "version": "9.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.6.4",
              "status": "affected",
              "version": "9.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.5.5",
              "status": "affected",
              "version": "9.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.4.4",
              "status": "affected",
              "version": "9.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.3.5",
              "status": "affected",
              "version": "9.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.2.4",
              "status": "affected",
              "version": "9.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.1.3",
              "status": "affected",
              "version": "9.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.0.5",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.9.4",
              "status": "affected",
              "version": "8.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.8.5",
              "status": "affected",
              "version": "8.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.7.4",
              "status": "affected",
              "version": "8.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.6.4",
              "status": "affected",
              "version": "8.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.5.3",
              "status": "affected",
              "version": "8.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.3.3",
              "status": "affected",
              "version": "8.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.2.6",
              "status": "affected",
              "version": "8.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.1.4",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.9.4",
              "status": "affected",
              "version": "7.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.8.4",
              "status": "affected",
              "version": "7.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.7.6",
              "status": "affected",
              "version": "7.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.6.4",
              "status": "affected",
              "version": "7.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.5.7",
              "status": "affected",
              "version": "7.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.4.5",
              "status": "affected",
              "version": "7.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.3.5",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.2.5",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.1.5",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.0.5",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.9.4",
              "status": "affected",
              "version": "6.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.8.5",
              "status": "affected",
              "version": "6.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.7.4",
              "status": "affected",
              "version": "6.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.6.5",
              "status": "affected",
              "version": "6.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.5.4",
              "status": "affected",
              "version": "6.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.4.6",
              "status": "affected",
              "version": "6.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.3.7",
              "status": "affected",
              "version": "6.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.2.5",
              "status": "affected",
              "version": "6.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.1.5",
              "status": "affected",
              "version": "6.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.0.4",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.9.4",
              "status": "affected",
              "version": "5.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.8.4",
              "status": "affected",
              "version": "5.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.7.5",
              "status": "affected",
              "version": "5.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.6.5",
              "status": "affected",
              "version": "5.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.5.5",
              "status": "affected",
              "version": "5.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.4.4",
              "status": "affected",
              "version": "5.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.3.4",
              "status": "affected",
              "version": "5.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.2.5",
              "status": "affected",
              "version": "5.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.1.4",
              "status": "affected",
              "version": "5.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.0.3",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.9.3",
              "status": "affected",
              "version": "4.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.8.5",
              "status": "affected",
              "version": "4.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.7.4",
              "status": "affected",
              "version": "4.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.6.3",
              "status": "affected",
              "version": "4.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.5.3",
              "status": "affected",
              "version": "4.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.4.5",
              "status": "affected",
              "version": "4.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.3.5",
              "status": "affected",
              "version": "4.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.2.5",
              "status": "affected",
              "version": "4.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.1.4",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.0.7",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.9.10",
              "status": "affected",
              "version": "3.9.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T15:02:38.050Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.9.1 - Subscriber+ Arbitrary Feedback Access",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-9926",
    "datePublished": "2024-11-07T15:02:38.050Z",
    "dateReserved": "2024-10-14T09:27:37.145Z",
    "dateUpdated": "2024-11-07T19:53:07.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47788 (GCVE-0-2023-47788)

Vulnerability from cvelistv5 – Published: 2024-06-19 10:33 – Updated: 2024-08-02 21:16
VLAI?
Summary
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack Affected: n/a , < 12.7 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "lessThan": "12.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T19:29:51.411610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T19:13:11.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:16:43.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-broken-access-control-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Automattic Jetpack.\u003cp\u003eThis issue affects Jetpack: from n/a before 12.7.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T10:33:57.434Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 12.7 or a higher version."
            }
          ],
          "value": "Update to 12.7 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack plugin \u003c 12.7 - Contributor+ Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-47788",
    "datePublished": "2024-06-19T10:33:57.434Z",
    "dateReserved": "2023-11-09T22:58:15.293Z",
    "dateUpdated": "2024-08-02T21:16:43.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47774 (GCVE-0-2023-47774)

Vulnerability from cvelistv5 – Published: 2024-04-24 15:58 – Updated: 2024-08-02 21:16
VLAI?
Summary
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack Affected: n/a , < 12.7 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T18:30:02.309416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:26:46.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:16:43.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.\u003cp\u003eThis issue affects Jetpack: from n/a before 12.7.\u003c/p\u003e"
            }
          ],
          "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-103",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-103 Clickjacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-24T15:59:47.815Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 12.7 or a higher version."
            }
          ],
          "value": "Update to 12.7 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack plugin \u003c 12.7 - Auth. Iframe Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-47774",
    "datePublished": "2024-04-24T15:58:40.432Z",
    "dateReserved": "2023-11-09T21:00:01.699Z",
    "dateUpdated": "2024-08-02T21:16:43.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45050 (GCVE-0-2023-45050)

Vulnerability from cvelistv5 – Published: 2023-11-30 12:07 – Updated: 2025-06-05 13:22
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack – WP Security, Backup, Speed, & Growth Affected: n/a , ≤ 12.8-a.1 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:18.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
          },
          {
            "tags": [
              "third-party-advisory",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T13:22:32.043394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-05T13:22:45.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.8-a.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "12.8-a.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth allows Stored XSS.\u003cp\u003eThis issue affects Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth: from n/a through 12.8-a.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth allows Stored XSS.This issue affects Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth: from n/a through 12.8-a.1.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-30T12:07:42.417Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;12.8-a.3 or a higher version."
            }
          ],
          "value": "Update to\u00a012.8-a.3 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack Plugin \u003c= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-45050",
    "datePublished": "2023-11-30T12:07:42.417Z",
    "dateReserved": "2023-10-03T13:30:39.403Z",
    "dateUpdated": "2025-06-05T13:22:45.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2996 (GCVE-0-2023-2996)

Vulnerability from cvelistv5 – Published: 2023-06-27 13:17 – Updated: 2024-12-05 16:48
VLAI?
Summary
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 1.9 , < 2.0.9 (custom)
Affected: 2.1 , < 2.1.7 (custom)
Affected: 2.2 , < 2.2.10 (custom)
Affected: 2.3 , < 2.3.10 (custom)
Affected: 2.4 , < 2.4.7 (custom)
Affected: 2.5 , < 2.5.5 (custom)
Affected: 2.6 , < 2.6.6 (custom)
Affected: 2.7 , < 2.7.5 (custom)
Affected: 2.8 , < 2.8.5 (custom)
Affected: 2.9 , < 2.9.6 (custom)
Affected: 3.0 , < 3.0.6 (custom)
Affected: 3.1 , < 3.1.5 (custom)
Affected: 3.2 , < 3.2.5 (custom)
Affected: 3.3 , < 3.3.6 (custom)
Affected: 3.4 , < 3.4.6 (custom)
Affected: 3.5 , < 3.5.6 (custom)
Affected: 3.6 , < 3.6.4 (custom)
Affected: 3.7 , < 3.7.5 (custom)
Affected: 3.8 , < 3.8.5 (custom)
Affected: 3.9 , < 3.9.9 (custom)
Affected: 4.0 , < 4.0.6 (custom)
Affected: 4.1 , < 4.1.3 (custom)
Affected: 4.2 , < 4.2.4 (custom)
Affected: 4.3 , < 4.3.4 (custom)
Affected: 4.4 , < 4.4.4 (custom)
Affected: 4.5 , < 4.5.2 (custom)
Affected: 4.6 , < 4.6.2 (custom)
Affected: 4.7 , < 4.7.3 (custom)
Affected: 4.8 , < 4.8.4 (custom)
Affected: 4.9 , < 4.9.2 (custom)
Affected: 5.0 , < 5.0.2 (custom)
Affected: 5.1 , < 5.1.3 (custom)
Affected: 5.2 , < 5.2.4 (custom)
Affected: 5.3 , < 5.3.3 (custom)
Affected: 5.4 , < 5.4.3 (custom)
Affected: 5.5 , < 5.5.4 (custom)
Affected: 5.6 , < 5.6.4 (custom)
Affected: 5.7 , < 5.7.4 (custom)
Affected: 5.8 , < 5.8.3 (custom)
Affected: 5.9 , < 5.9.3 (custom)
Affected: 6.0 , < 6.0.3 (custom)
Affected: 6.1 , < 6.1.4 (custom)
Affected: 6.2 , < 6.2.4 (custom)
Affected: 6.3 , < 6.3.6 (custom)
Affected: 6.4 , < 6.4.5 (custom)
Affected: 6.5 , < 6.5.3 (custom)
Affected: 6.6 , < 6.6.4 (custom)
Affected: 6.7 , < 6.7.3 (custom)
Affected: 6.8 , < 6.8.4 (custom)
Affected: 6.9 , < 6.9.3 (custom)
Affected: 7.0 , < 7.0.4 (custom)
Affected: 7.1 , < 7.1.4 (custom)
Affected: 7.2 , < 7.2.4 (custom)
Affected: 7.3 , < 7.3.4 (custom)
Affected: 7.4 , < 7.4.4 (custom)
Affected: 7.5 , < 7.5.6 (custom)
Affected: 7.6 , < 7.6.3 (custom)
Affected: 7.7 , < 7.7.5 (custom)
Affected: 7.8 , < 7.8.3 (custom)
Affected: 7.9 , < 7.9.3 (custom)
Affected: 8.0 , < 8.0.2 (custom)
Affected: 8.1 , < 8.1.3 (custom)
Affected: 8.2 , < 8.2.5 (custom)
Affected: 8.3 , < 8.3.2 (custom)
Affected: 8.4 , < 8.4.4 (custom)
Affected: 8.5 , < 8.5.2 (custom)
Affected: 8.6 , < 8.6.3 (custom)
Affected: 8.7 , < 8.7.3 (custom)
Affected: 8.8 , < 8.8.4 (custom)
Affected: 8.9 , < 8.9.3 (custom)
Affected: 9.0 , < 9.0.4 (custom)
Affected: 9.1 , < 9.1.2 (custom)
Affected: 9.2 , < 9.2.3 (custom)
Affected: 9.3 , < 9.3.4 (custom)
Affected: 9.4 , < 9.4.3 (custom)
Affected: 9.5 , < 9.5.4 (custom)
Affected: 9.6 , < 9.6.3 (custom)
Affected: 9.7 , < 9.7.2 (custom)
Affected: 9.8 , < 9.8.2 (custom)
Affected: 9.9 , < 9.9.2 (custom)
Affected: 10.0 , < 10.0.1 (custom)
Affected: 10.1 , < 10.1.1 (custom)
Affected: 10.2 , < 10.2.2 (custom)
Affected: 10.3 , < 10.3.1 (custom)
Affected: 10.4 , < 10.4.1 (custom)
Affected: 10.5 , < 10.5.2 (custom)
Affected: 10.6 , < 10.6.2 (custom)
Affected: 10.7 , < 10.7.1 (custom)
Affected: 10.8 , < 10.8.1 (custom)
Affected: 10.9 , < 10.9.2 (custom)
Affected: 11.0 , < 11.0.1 (custom)
Affected: 11.1 , < 11.1.3 (custom)
Affected: 11.2 , < 11.2.1 (custom)
Affected: 11.3 , < 11.3.3 (custom)
Affected: 11.4 , < 11.4.1 (custom)
Affected: 11.5 , < 11.5.2 (custom)
Affected: 11.6 , < 11.6.1 (custom)
Affected: 11.7 , < 11.7.2 (custom)
Affected: 11.8 , < 11.8.5 (custom)
Affected: 11.9 , < 11.9.2 (custom)
Affected: 12.0 , < 12.0.1 (custom)
Affected: 12.1 , < 12.1.1 (custom)
Create a notification for this product.
Credits
Miguel Neto WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2996",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T16:47:57.983039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T16:48:09.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.0.9",
              "status": "affected",
              "version": "1.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.1.7",
              "status": "affected",
              "version": "2.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.2.10",
              "status": "affected",
              "version": "2.2",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.10",
              "status": "affected",
              "version": "2.3",
              "versionType": "custom"
            },
            {
              "lessThan": "2.4.7",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            },
            {
              "lessThan": "2.5.5",
              "status": "affected",
              "version": "2.5",
              "versionType": "custom"
            },
            {
              "lessThan": "2.6.6",
              "status": "affected",
              "version": "2.6",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.5",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            },
            {
              "lessThan": "2.8.5",
              "status": "affected",
              "version": "2.8",
              "versionType": "custom"
            },
            {
              "lessThan": "2.9.6",
              "status": "affected",
              "version": "2.9",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.6",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.5",
              "status": "affected",
              "version": "3.2",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.6",
              "status": "affected",
              "version": "3.3",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.6",
              "status": "affected",
              "version": "3.4",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5",
              "versionType": "custom"
            },
            {
              "lessThan": "3.6.4",
              "status": "affected",
              "version": "3.6",
              "versionType": "custom"
            },
            {
              "lessThan": "3.7.5",
              "status": "affected",
              "version": "3.7",
              "versionType": "custom"
            },
            {
              "lessThan": "3.8.5",
              "status": "affected",
              "version": "3.8",
              "versionType": "custom"
            },
            {
              "lessThan": "3.9.9",
              "status": "affected",
              "version": "3.9",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.3",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.4",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.4",
              "status": "affected",
              "version": "4.3",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.4",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.2",
              "status": "affected",
              "version": "4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.2",
              "status": "affected",
              "version": "4.6",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.3",
              "status": "affected",
              "version": "4.7",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.4",
              "status": "affected",
              "version": "4.8",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.2",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.2",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.3",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.4",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.3",
              "status": "affected",
              "version": "5.3",
              "versionType": "custom"
            },
            {
              "lessThan": "5.4.3",
              "status": "affected",
              "version": "5.4",
              "versionType": "custom"
            },
            {
              "lessThan": "5.5.4",
              "status": "affected",
              "version": "5.5",
              "versionType": "custom"
            },
            {
              "lessThan": "5.6.4",
              "status": "affected",
              "version": "5.6",
              "versionType": "custom"
            },
            {
              "lessThan": "5.7.4",
              "status": "affected",
              "version": "5.7",
              "versionType": "custom"
            },
            {
              "lessThan": "5.8.3",
              "status": "affected",
              "version": "5.8",
              "versionType": "custom"
            },
            {
              "lessThan": "5.9.3",
              "status": "affected",
              "version": "5.9",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.4",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.4",
              "status": "affected",
              "version": "6.2",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "6.3",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.5",
              "status": "affected",
              "version": "6.4",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "6.5",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.4",
              "status": "affected",
              "version": "6.6",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "6.7",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.4",
              "status": "affected",
              "version": "6.8",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.3",
              "status": "affected",
              "version": "6.9",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.4",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.1.4",
              "status": "affected",
              "version": "7.1",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.4",
              "status": "affected",
              "version": "7.4",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5.6",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.3",
              "status": "affected",
              "version": "7.6",
              "versionType": "custom"
            },
            {
              "lessThan": "7.7.5",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.3",
              "status": "affected",
              "version": "7.8",
              "versionType": "custom"
            },
            {
              "lessThan": "7.9.3",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.5",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.2",
              "status": "affected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "lessThan": "8.4.4",
              "status": "affected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.2",
              "status": "affected",
              "version": "8.5",
              "versionType": "custom"
            },
            {
              "lessThan": "8.6.3",
              "status": "affected",
              "version": "8.6",
              "versionType": "custom"
            },
            {
              "lessThan": "8.7.3",
              "status": "affected",
              "version": "8.7",
              "versionType": "custom"
            },
            {
              "lessThan": "8.8.4",
              "status": "affected",
              "version": "8.8",
              "versionType": "custom"
            },
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "8.9",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.4",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.2",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.3",
              "status": "affected",
              "version": "9.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.4",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.3",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.5.4",
              "status": "affected",
              "version": "9.5",
              "versionType": "custom"
            },
            {
              "lessThan": "9.6.3",
              "status": "affected",
              "version": "9.6",
              "versionType": "custom"
            },
            {
              "lessThan": "9.7.2",
              "status": "affected",
              "version": "9.7",
              "versionType": "custom"
            },
            {
              "lessThan": "9.8.2",
              "status": "affected",
              "version": "9.8",
              "versionType": "custom"
            },
            {
              "lessThan": "9.9.2",
              "status": "affected",
              "version": "9.9",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.1",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.1",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.5.2",
              "status": "affected",
              "version": "10.5",
              "versionType": "custom"
            },
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "10.6",
              "versionType": "custom"
            },
            {
              "lessThan": "10.7.1",
              "status": "affected",
              "version": "10.7",
              "versionType": "custom"
            },
            {
              "lessThan": "10.8.1",
              "status": "affected",
              "version": "10.8",
              "versionType": "custom"
            },
            {
              "lessThan": "10.9.2",
              "status": "affected",
              "version": "10.9",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.1",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.1.3",
              "status": "affected",
              "version": "11.1",
              "versionType": "custom"
            },
            {
              "lessThan": "11.2.1",
              "status": "affected",
              "version": "11.2",
              "versionType": "custom"
            },
            {
              "lessThan": "11.3.3",
              "status": "affected",
              "version": "11.3",
              "versionType": "custom"
            },
            {
              "lessThan": "11.4.1",
              "status": "affected",
              "version": "11.4",
              "versionType": "custom"
            },
            {
              "lessThan": "11.5.2",
              "status": "affected",
              "version": "11.5",
              "versionType": "custom"
            },
            {
              "lessThan": "11.6.1",
              "status": "affected",
              "version": "11.6",
              "versionType": "custom"
            },
            {
              "lessThan": "11.7.2",
              "status": "affected",
              "version": "11.7",
              "versionType": "custom"
            },
            {
              "lessThan": "11.8.5",
              "status": "affected",
              "version": "11.8",
              "versionType": "custom"
            },
            {
              "lessThan": "11.9.2",
              "status": "affected",
              "version": "11.9",
              "versionType": "custom"
            },
            {
              "lessThan": "12.0.1",
              "status": "affected",
              "version": "12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1.1",
              "status": "affected",
              "version": "12.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Miguel Neto"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T13:17:07.479Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 12.1.1 - Author+ Arbitrary File Manipulation via API",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-2996",
    "datePublished": "2023-06-27T13:17:07.479Z",
    "dateReserved": "2023-05-30T19:10:08.911Z",
    "dateUpdated": "2024-12-05T16:48:09.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24374 (GCVE-0-2021-24374)

Vulnerability from cvelistv5 – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Summary
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Severity ?
No CVSS data available.
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack – WP Security, Backup, Speed, & Growth Affected: 9.8 , < 9.8 (custom)
Create a notification for this product.
Credits
nguyenhg_vcs
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
          "vendor": "Automattic",
          "versions": [
            {
              "lessThan": "9.8",
              "status": "affected",
              "version": "9.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "nguyenhg_vcs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a \"carousel\" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-21T19:18:21",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetpack \u003c 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24374",
          "STATE": "PUBLIC",
          "TITLE": "Jetpack \u003c 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.8",
                            "version_value": "9.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Automattic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "nguyenhg_vcs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a \"carousel\" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
            },
            {
              "name": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24374",
    "datePublished": "2021-06-21T19:18:21",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9359 (GCVE-0-2015-9359)

Vulnerability from cvelistv5 – Published: 2019-08-28 14:23 – Updated: 2024-08-06 08:51
VLAI?
Summary
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:51:03.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-28T14:23:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html",
              "refsource": "MISC",
              "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
            },
            {
              "name": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9359",
    "datePublished": "2019-08-28T14:23:20",
    "dateReserved": "2019-08-28T00:00:00",
    "dateUpdated": "2024-08-06T08:51:03.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10076 (GCVE-0-2024-10076)

Vulnerability from nvd – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:03
VLAI?
Summary
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
Severity ?
5.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
CWE
Assigner
References
https://wpscan.com/vulnerability/15f278f6-0418-4c… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 0 , < 13.8 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T15:47:11.845919Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T16:03:22.267Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack Boost",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.4.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 13.8, Jetpack Boost  WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn\u2019t, ultimately making it possible for contributor and above users to perform Stored XSS attacks"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T20:06:40.424Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.8, Boost \u003c 3.4.8 - Contributor+ Stored XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10076",
    "datePublished": "2025-05-15T20:06:40.424Z",
    "dateReserved": "2024-10-17T09:02:05.021Z",
    "dateUpdated": "2025-05-20T16:03:22.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10075 (GCVE-0-2024-10075)

Vulnerability from nvd – Published: 2025-05-15 20:06 – Updated: 2025-05-20 16:10
VLAI?
Summary
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
Severity ?
5.6 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE
Assigner
References
https://wpscan.com/vulnerability/a984976c-291a-4f… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 0 , < 13.8 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10075",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-20T16:08:22.976995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T16:10:57.508Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-15T20:06:40.225Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/a984976c-291a-4f68-90d4-e452605ea7d1/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.8 - Unauthenticated Arbitrary Block \u0026 Shortcode Execution",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10075",
    "datePublished": "2025-05-15T20:06:40.225Z",
    "dateReserved": "2024-10-17T08:50:53.381Z",
    "dateUpdated": "2025-05-20T16:10:57.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10858 (GCVE-0-2024-10858)

Vulnerability from nvd – Published: 2024-12-25 06:00 – Updated: 2024-12-26 19:53
VLAI?
Summary
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE
Assigner
References
https://wpscan.com/vulnerability/7fecba37-d718-4d… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 13.0 , < 14.1 (semver)
Create a notification for this product.
Credits
Eldar (hakupiku) WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-10858",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-26T19:52:57.866186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-26T19:53:41.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "14.1",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Eldar (hakupiku)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack  WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Cross-Site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-25T06:00:02.663Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack 13.0-14.0 - Unauthenticated DOM-XSS",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-10858",
    "datePublished": "2024-12-25T06:00:02.663Z",
    "dateReserved": "2024-11-05T13:26:58.545Z",
    "dateUpdated": "2024-12-26T19:53:41.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-9926 (GCVE-0-2024-9926)

Vulnerability from nvd – Published: 2024-11-07 15:02 – Updated: 2024-11-07 19:53
VLAI?
Summary
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
https://wpscan.com/vulnerability/669382af-f836-48… exploitvdb-entrytechnical-description
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 13.9 , < 13.9.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.8 , < 13.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.7 , < 13.7.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.6 , < 13.6.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.5 , < 13.5.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.4 , < 13.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.3 , < 13.3.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.2 , < 13.2.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.1 , < 13.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 13.0 , < 13.0.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.9 , < 12.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.8 , < 12.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.7 , < 12.7.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.6 , < 12.6.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.5 , < 12.5.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.4 , < 12.4.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.3 , < 12.3.1 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.2 , < 12.2.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.1 , < 12.1.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 12.0 , < 12.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.9 , < 11.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.8 , < 11.8.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.7 , < 11.7.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.6 , < 11.6.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.5 , < 11.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.4 , < 11.4.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.3 , < 11.3.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.2 , < 11.2.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.1 , < 11.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 11.0 , < 11.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.9 , < 10.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.8 , < 10.8.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.7 , < 10.7.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.6 , < 10.6.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.5 , < 10.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.4 , < 10.4.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.3 , < 10.3.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.2 , < 10.2.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.1 , < 10.1.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 10.0 , < 10.0.2 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.9 , < 9.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.8 , < 9.8.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.7 , < 9.7.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.6 , < 9.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.5 , < 9.5.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.4 , < 9.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.3 , < 9.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.2 , < 9.2.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.1 , < 9.1.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 9.0 , < 9.0.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.9 , < 8.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.8 , < 8.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.7 , < 8.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.6 , < 8.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.5 , < 8.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.4 , < 8.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.3 , < 8.3.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.2 , < 8.2.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.1 , < 8.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 8.0 , < 8.0.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.9 , < 7.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.8 , < 7.8.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.7 , < 7.7.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.6 , < 7.6.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.5 , < 7.5.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.4 , < 7.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.3 , < 7.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.2 , < 7.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.1 , < 7.1.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 7.0 , < 7.0.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.9 , < 6.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.8 , < 6.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.7 , < 6.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.6 , < 6.6.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.5 , < 6.5.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.4 , < 6.4.6 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.3 , < 6.3.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.2 , < 6.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.1 , < 6.1.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 6.0 , < 6.0.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.9 , < 5.9.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.8 , < 5.8.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.7 , < 5.7.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.6 , < 5.6.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.5 , < 5.5.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.4 , < 5.4.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.3 , < 5.3.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.2 , < 5.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.1 , < 5.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 5.0 , < 5.0.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.9 , < 4.9.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.8 , < 4.8.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.7 , < 4.7.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.6 , < 4.6.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.5 , < 4.5.3 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.4 , < 4.4.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.3 , < 4.3.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.2 , < 4.2.5 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.1.0 , < 4.1.4 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 4.0.0 , < 4.0.7 (semver)
Create a notification for this product.
    Unknown Jetpack Affected: 3.9.2 , < 3.9.10 (semver)
Create a notification for this product.
Credits
Marc Montpas WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "lessThan": "13.9.1",
                "status": "affected",
                "version": "13.9",
                "versionType": "semver"
              },
              {
                "lessThan": "13.8.2",
                "status": "affected",
                "version": "13.8",
                "versionType": "semver"
              },
              {
                "lessThan": "13.7.1",
                "status": "affected",
                "version": "13.7",
                "versionType": "semver"
              },
              {
                "lessThan": "13.6.1",
                "status": "affected",
                "version": "13.6",
                "versionType": "semver"
              },
              {
                "lessThan": "13.5.1",
                "status": "affected",
                "version": "13.5",
                "versionType": "semver"
              },
              {
                "lessThan": "13.4.4",
                "status": "affected",
                "version": "13.4",
                "versionType": "semver"
              },
              {
                "lessThan": "13.3.2",
                "status": "affected",
                "version": "13.3",
                "versionType": "semver"
              },
              {
                "lessThan": "13.2.3",
                "status": "affected",
                "version": "13.2",
                "versionType": "semver"
              },
              {
                "lessThan": "13.1.4",
                "status": "affected",
                "version": "13.1",
                "versionType": "semver"
              },
              {
                "lessThan": "13.0.1",
                "status": "affected",
                "version": "13.0",
                "versionType": "semver"
              },
              {
                "lessThan": "12.9.4",
                "status": "affected",
                "version": "12.9",
                "versionType": "semver"
              },
              {
                "lessThan": "12.8.2",
                "status": "affected",
                "version": "12.8",
                "versionType": "semver"
              },
              {
                "lessThan": "12.7.2",
                "status": "affected",
                "version": "12.7",
                "versionType": "semver"
              },
              {
                "lessThan": "12.6.3",
                "status": "affected",
                "version": "12.6",
                "versionType": "semver"
              },
              {
                "lessThan": "12.5.1",
                "status": "affected",
                "version": "12.5",
                "versionType": "semver"
              },
              {
                "lessThan": "12.4.1",
                "status": "affected",
                "version": "12.4",
                "versionType": "semver"
              },
              {
                "lessThan": "12.3.1",
                "status": "affected",
                "version": "12.3",
                "versionType": "semver"
              },
              {
                "lessThan": "12.2.2",
                "status": "affected",
                "version": "12.2",
                "versionType": "semver"
              },
              {
                "lessThan": "12.1.2",
                "status": "affected",
                "version": "12.1",
                "versionType": "semver"
              },
              {
                "lessThan": "12.0.2",
                "status": "affected",
                "version": "12.0",
                "versionType": "semver"
              },
              {
                "lessThan": "11.9.3",
                "status": "affected",
                "version": "11.9",
                "versionType": "semver"
              },
              {
                "lessThan": "11.8.6",
                "status": "affected",
                "version": "11.8",
                "versionType": "semver"
              },
              {
                "lessThan": "11.7.3",
                "status": "affected",
                "version": "11.7",
                "versionType": "semver"
              },
              {
                "lessThan": "11.6.2",
                "status": "affected",
                "version": "11.6",
                "versionType": "semver"
              },
              {
                "lessThan": "11.5.3",
                "status": "affected",
                "version": "11.5",
                "versionType": "semver"
              },
              {
                "lessThan": "11.4.2",
                "status": "affected",
                "version": "11.4",
                "versionType": "semver"
              },
              {
                "lessThan": "11.3.4",
                "status": "affected",
                "version": "11.3",
                "versionType": "semver"
              },
              {
                "lessThan": "11.2.2",
                "status": "affected",
                "version": "11.2",
                "versionType": "semver"
              },
              {
                "lessThan": "11.1.4",
                "status": "affected",
                "version": "11.1",
                "versionType": "semver"
              },
              {
                "lessThan": "11.0.2",
                "status": "affected",
                "version": "11.0",
                "versionType": "semver"
              },
              {
                "lessThan": "10.9.3",
                "status": "affected",
                "version": "10.9",
                "versionType": "semver"
              },
              {
                "lessThan": "10.8.2",
                "status": "affected",
                "version": "10.8",
                "versionType": "semver"
              },
              {
                "lessThan": "10.7.2",
                "status": "affected",
                "version": "10.7",
                "versionType": "semver"
              },
              {
                "lessThan": "10.6.2",
                "status": "affected",
                "version": "10.6",
                "versionType": "semver"
              },
              {
                "lessThan": "10.5.3",
                "status": "affected",
                "version": "10.5",
                "versionType": "semver"
              },
              {
                "lessThan": "10.4.2",
                "status": "affected",
                "version": "10.4",
                "versionType": "semver"
              },
              {
                "lessThan": "10.3.2",
                "status": "affected",
                "version": "10.3",
                "versionType": "semver"
              },
              {
                "lessThan": "10.2.3",
                "status": "affected",
                "version": "10.2",
                "versionType": "semver"
              },
              {
                "lessThan": "10.1.2",
                "status": "affected",
                "version": "10.1",
                "versionType": "semver"
              },
              {
                "lessThan": "10.0.2",
                "status": "affected",
                "version": "10.0",
                "versionType": "semver"
              },
              {
                "lessThan": "9.9.3",
                "status": "affected",
                "version": "9.9",
                "versionType": "semver"
              },
              {
                "lessThan": "9.8.3",
                "status": "affected",
                "version": "9.8",
                "versionType": "semver"
              },
              {
                "lessThan": "9.7.3",
                "status": "affected",
                "version": "9.7",
                "versionType": "semver"
              },
              {
                "lessThan": "9.6.4",
                "status": "affected",
                "version": "9.6",
                "versionType": "semver"
              },
              {
                "lessThan": "9.5.5",
                "status": "affected",
                "version": "9.5",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "9.4.4",
                "status": "affected",
                "version": "9.4",
                "versionType": "semver"
              },
              {
                "lessThan": "9.3.5",
                "status": "affected",
                "version": "9.3",
                "versionType": "semver"
              },
              {
                "lessThan": "9.2.4",
                "status": "affected",
                "version": "9.2",
                "versionType": "semver"
              },
              {
                "lessThan": "9.1.3",
                "status": "affected",
                "version": "9.1",
                "versionType": "semver"
              },
              {
                "lessThan": "9.0.5",
                "status": "affected",
                "version": "9.0",
                "versionType": "semver"
              },
              {
                "lessThan": "8.9.4",
                "status": "affected",
                "version": "8.9",
                "versionType": "semver"
              },
              {
                "lessThan": "8.8.5",
                "status": "affected",
                "version": "8.8",
                "versionType": "semver"
              },
              {
                "lessThan": "8.7.4",
                "status": "affected",
                "version": "8.7",
                "versionType": "semver"
              },
              {
                "lessThan": "8.6.4",
                "status": "affected",
                "version": "8.6",
                "versionType": "semver"
              },
              {
                "lessThan": "8.5.3",
                "status": "affected",
                "version": "8.5",
                "versionType": "semver"
              },
              {
                "lessThan": "8.4.5",
                "status": "affected",
                "version": "8.4",
                "versionType": "semver"
              },
              {
                "lessThan": "8.3.3",
                "status": "affected",
                "version": "8.3",
                "versionType": "semver"
              },
              {
                "lessThan": "8.2.6",
                "status": "affected",
                "version": "8.2",
                "versionType": "semver"
              },
              {
                "lessThan": "8.1.4",
                "status": "affected",
                "version": "8.1",
                "versionType": "semver"
              },
              {
                "lessThan": "8.0.3",
                "status": "affected",
                "version": "8.0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.9.4",
                "status": "affected",
                "version": "7.9",
                "versionType": "semver"
              },
              {
                "lessThan": "7.8.4",
                "status": "affected",
                "version": "7.8",
                "versionType": "semver"
              },
              {
                "lessThan": "7.7.6",
                "status": "affected",
                "version": "7.7",
                "versionType": "semver"
              },
              {
                "lessThan": "7.6.4",
                "status": "affected",
                "version": "7.6",
                "versionType": "semver"
              },
              {
                "lessThan": "7.5.7",
                "status": "affected",
                "version": "7.5",
                "versionType": "semver"
              },
              {
                "lessThan": "7.4.5",
                "status": "affected",
                "version": "7.4",
                "versionType": "semver"
              },
              {
                "lessThan": "7.3.5",
                "status": "affected",
                "version": "7.3",
                "versionType": "semver"
              },
              {
                "lessThan": "7.2.5",
                "status": "affected",
                "version": "7.2",
                "versionType": "semver"
              },
              {
                "lessThan": "7.1.5",
                "status": "affected",
                "version": "7.1",
                "versionType": "semver"
              },
              {
                "lessThan": "7.0.5",
                "status": "affected",
                "version": "7.0",
                "versionType": "semver"
              },
              {
                "lessThan": "6.9.4",
                "status": "affected",
                "version": "6.9",
                "versionType": "semver"
              },
              {
                "lessThan": "6.8.5",
                "status": "affected",
                "version": "6.8",
                "versionType": "semver"
              },
              {
                "lessThan": "6.7.4",
                "status": "affected",
                "version": "6.7",
                "versionType": "semver"
              },
              {
                "lessThan": "6.6.5",
                "status": "affected",
                "version": "6.6",
                "versionType": "semver"
              },
              {
                "lessThan": "6.5.4",
                "status": "affected",
                "version": "6.5",
                "versionType": "semver"
              },
              {
                "lessThan": "6.4.6",
                "status": "affected",
                "version": "6.4",
                "versionType": "semver"
              },
              {
                "lessThan": "6.3.7",
                "status": "affected",
                "version": "6.3",
                "versionType": "semver"
              },
              {
                "lessThan": "6.2.5",
                "status": "affected",
                "version": "6.2",
                "versionType": "semver"
              },
              {
                "lessThan": "6.1.5",
                "status": "affected",
                "version": "6.1",
                "versionType": "semver"
              },
              {
                "lessThan": "6.0.4",
                "status": "affected",
                "version": "6.0",
                "versionType": "semver"
              },
              {
                "lessThan": "5.9.4",
                "status": "affected",
                "version": "5.9",
                "versionType": "semver"
              },
              {
                "lessThan": "5.8.4",
                "status": "affected",
                "version": "5.8",
                "versionType": "semver"
              },
              {
                "lessThan": "5.7.5",
                "status": "affected",
                "version": "5.7",
                "versionType": "semver"
              },
              {
                "lessThan": "5.6.5",
                "status": "affected",
                "version": "5.6",
                "versionType": "semver"
              },
              {
                "lessThan": "5.5.5",
                "status": "affected",
                "version": "5.5",
                "versionType": "semver"
              },
              {
                "lessThan": "5.4.4",
                "status": "affected",
                "version": "5.4",
                "versionType": "semver"
              },
              {
                "lessThan": "5.3.4",
                "status": "affected",
                "version": "5.3",
                "versionType": "semver"
              },
              {
                "lessThan": "5.2.5",
                "status": "affected",
                "version": "5.2",
                "versionType": "semver"
              },
              {
                "lessThan": "5.1.4",
                "status": "affected",
                "version": "5.1",
                "versionType": "semver"
              },
              {
                "lessThan": "5.0.3",
                "status": "affected",
                "version": "5.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.9.3",
                "status": "affected",
                "version": "4.9",
                "versionType": "semver"
              },
              {
                "lessThan": "4.8.5",
                "status": "affected",
                "version": "4.8",
                "versionType": "semver"
              },
              {
                "lessThan": "4.7.4",
                "status": "affected",
                "version": "4.7",
                "versionType": "semver"
              },
              {
                "lessThan": "4.6.3",
                "status": "affected",
                "version": "4.6",
                "versionType": "semver"
              },
              {
                "lessThan": "4.5.3",
                "status": "affected",
                "version": "4.5",
                "versionType": "semver"
              },
              {
                "lessThan": "4.4.5",
                "status": "affected",
                "version": "4.4",
                "versionType": "semver"
              },
              {
                "lessThan": "4.3.5",
                "status": "affected",
                "version": "4.3",
                "versionType": "semver"
              },
              {
                "lessThan": "4.2.5",
                "status": "affected",
                "version": "4.2",
                "versionType": "semver"
              },
              {
                "lessThan": "4.1.4",
                "status": "affected",
                "version": "4.1.0",
                "versionType": "semver"
              },
              {
                "lessThan": "4.0.7",
                "status": "affected",
                "version": "4.0.0",
                "versionType": "semver"
              },
              {
                "lessThan": "3.9.10",
                "status": "affected",
                "version": "3.9.2",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-9926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T18:35:48.550122Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T19:53:07.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.9.1",
              "status": "affected",
              "version": "13.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.8.2",
              "status": "affected",
              "version": "13.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.7.1",
              "status": "affected",
              "version": "13.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.6.1",
              "status": "affected",
              "version": "13.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.5.1",
              "status": "affected",
              "version": "13.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.4.4",
              "status": "affected",
              "version": "13.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.3.2",
              "status": "affected",
              "version": "13.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.2.3",
              "status": "affected",
              "version": "13.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.1.4",
              "status": "affected",
              "version": "13.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "13.0.1",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.9.4",
              "status": "affected",
              "version": "12.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.8.2",
              "status": "affected",
              "version": "12.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.7.2",
              "status": "affected",
              "version": "12.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.6.3",
              "status": "affected",
              "version": "12.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.5.1",
              "status": "affected",
              "version": "12.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.4.1",
              "status": "affected",
              "version": "12.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.3.1",
              "status": "affected",
              "version": "12.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.2.2",
              "status": "affected",
              "version": "12.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.1.2",
              "status": "affected",
              "version": "12.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "12.0.2",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.9.3",
              "status": "affected",
              "version": "11.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.8.6",
              "status": "affected",
              "version": "11.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.7.3",
              "status": "affected",
              "version": "11.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.6.2",
              "status": "affected",
              "version": "11.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.5.3",
              "status": "affected",
              "version": "11.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.4.2",
              "status": "affected",
              "version": "11.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.3.4",
              "status": "affected",
              "version": "11.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.2.2",
              "status": "affected",
              "version": "11.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.1.4",
              "status": "affected",
              "version": "11.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "11.0.2",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.9.3",
              "status": "affected",
              "version": "10.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.8.2",
              "status": "affected",
              "version": "10.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.7.2",
              "status": "affected",
              "version": "10.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "10.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.5.3",
              "status": "affected",
              "version": "10.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.4.2",
              "status": "affected",
              "version": "10.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.3.2",
              "status": "affected",
              "version": "10.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.2.3",
              "status": "affected",
              "version": "10.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.1.2",
              "status": "affected",
              "version": "10.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "10.0.2",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.9.3",
              "status": "affected",
              "version": "9.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.8.3",
              "status": "affected",
              "version": "9.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.7.3",
              "status": "affected",
              "version": "9.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.6.4",
              "status": "affected",
              "version": "9.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.5.5",
              "status": "affected",
              "version": "9.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.4.4",
              "status": "affected",
              "version": "9.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.3.5",
              "status": "affected",
              "version": "9.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.2.4",
              "status": "affected",
              "version": "9.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.1.3",
              "status": "affected",
              "version": "9.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "9.0.5",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.9.4",
              "status": "affected",
              "version": "8.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.8.5",
              "status": "affected",
              "version": "8.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.7.4",
              "status": "affected",
              "version": "8.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.6.4",
              "status": "affected",
              "version": "8.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.5.3",
              "status": "affected",
              "version": "8.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.4.5",
              "status": "affected",
              "version": "8.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.3.3",
              "status": "affected",
              "version": "8.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.2.6",
              "status": "affected",
              "version": "8.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.1.4",
              "status": "affected",
              "version": "8.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "8.0.3",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.9.4",
              "status": "affected",
              "version": "7.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.8.4",
              "status": "affected",
              "version": "7.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.7.6",
              "status": "affected",
              "version": "7.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.6.4",
              "status": "affected",
              "version": "7.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.5.7",
              "status": "affected",
              "version": "7.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.4.5",
              "status": "affected",
              "version": "7.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.3.5",
              "status": "affected",
              "version": "7.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.2.5",
              "status": "affected",
              "version": "7.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.1.5",
              "status": "affected",
              "version": "7.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "7.0.5",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.9.4",
              "status": "affected",
              "version": "6.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.8.5",
              "status": "affected",
              "version": "6.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.7.4",
              "status": "affected",
              "version": "6.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.6.5",
              "status": "affected",
              "version": "6.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.5.4",
              "status": "affected",
              "version": "6.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.4.6",
              "status": "affected",
              "version": "6.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.3.7",
              "status": "affected",
              "version": "6.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.2.5",
              "status": "affected",
              "version": "6.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.1.5",
              "status": "affected",
              "version": "6.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "6.0.4",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.9.4",
              "status": "affected",
              "version": "5.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.8.4",
              "status": "affected",
              "version": "5.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.7.5",
              "status": "affected",
              "version": "5.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.6.5",
              "status": "affected",
              "version": "5.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.5.5",
              "status": "affected",
              "version": "5.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.4.4",
              "status": "affected",
              "version": "5.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.3.4",
              "status": "affected",
              "version": "5.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.2.5",
              "status": "affected",
              "version": "5.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.1.4",
              "status": "affected",
              "version": "5.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "5.0.3",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.9.3",
              "status": "affected",
              "version": "4.9",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.8.5",
              "status": "affected",
              "version": "4.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.7.4",
              "status": "affected",
              "version": "4.7",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.6.3",
              "status": "affected",
              "version": "4.6",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.5.3",
              "status": "affected",
              "version": "4.5",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.4.5",
              "status": "affected",
              "version": "4.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.3.5",
              "status": "affected",
              "version": "4.3",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.2.5",
              "status": "affected",
              "version": "4.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.1.4",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "4.0.7",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "3.9.10",
              "status": "affected",
              "version": "3.9.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Marc Montpas"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-07T15:02:38.050Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 13.9.1 - Subscriber+ Arbitrary Feedback Access",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2024-9926",
    "datePublished": "2024-11-07T15:02:38.050Z",
    "dateReserved": "2024-10-14T09:27:37.145Z",
    "dateUpdated": "2024-11-07T19:53:07.815Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47788 (GCVE-0-2023-47788)

Vulnerability from nvd – Published: 2024-06-19 10:33 – Updated: 2024-08-02 21:16
VLAI?
Summary
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack Affected: n/a , < 12.7 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "lessThan": "12.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T19:29:51.411610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-03T19:13:11.470Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:16:43.650Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-broken-access-control-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Automattic Jetpack.\u003cp\u003eThis issue affects Jetpack: from n/a before 12.7.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T10:33:57.434Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 12.7 or a higher version."
            }
          ],
          "value": "Update to 12.7 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack plugin \u003c 12.7 - Contributor+ Broken Access Control vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-47788",
    "datePublished": "2024-06-19T10:33:57.434Z",
    "dateReserved": "2023-11-09T22:58:15.293Z",
    "dateUpdated": "2024-08-02T21:16:43.650Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47774 (GCVE-0-2023-47774)

Vulnerability from nvd – Published: 2024-04-24 15:58 – Updated: 2024-08-02 21:16
VLAI?
Summary
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.
Severity ?
5.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CWE
  • CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack Affected: n/a , < 12.7 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jetpack",
            "vendor": "automattic",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T18:30:02.309416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:26:46.541Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:16:43.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.7",
                  "status": "unaffected"
                }
              ],
              "lessThan": "12.7",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.\u003cp\u003eThis issue affects Jetpack: from n/a before 12.7.\u003c/p\u003e"
            }
          ],
          "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-103",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-103 Clickjacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1021",
              "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-24T15:59:47.815Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to 12.7 or a higher version."
            }
          ],
          "value": "Update to 12.7 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack plugin \u003c 12.7 - Auth. Iframe Injection vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-47774",
    "datePublished": "2024-04-24T15:58:40.432Z",
    "dateReserved": "2023-11-09T21:00:01.699Z",
    "dateUpdated": "2024-08-02T21:16:43.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45050 (GCVE-0-2023-45050)

Vulnerability from nvd – Published: 2023-11-30 12:07 – Updated: 2025-06-05 13:22
VLAI?
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack – WP Security, Backup, Speed, & Growth Affected: n/a , ≤ 12.8-a.1 (custom)
Create a notification for this product.
Credits
Rafie Muhammad (Patchstack)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:18.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
          },
          {
            "tags": [
              "third-party-advisory",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-05T13:22:32.043394Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-05T13:22:45.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetpack",
          "product": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
          "vendor": "Automattic",
          "versions": [
            {
              "changes": [
                {
                  "at": "12.8-a.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "12.8-a.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafie Muhammad (Patchstack)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth allows Stored XSS.\u003cp\u003eThis issue affects Jetpack \u2013 WP Security, Backup, Speed, \u0026amp; Growth: from n/a through 12.8-a.1.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Automattic Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth allows Stored XSS.This issue affects Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth: from n/a through 12.8-a.1.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-30T12:07:42.417Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
        },
        {
          "tags": [
            "third-party-advisory",
            "technical-description"
          ],
          "url": "https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;12.8-a.3 or a higher version."
            }
          ],
          "value": "Update to\u00a012.8-a.3 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Jetpack Plugin \u003c= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-45050",
    "datePublished": "2023-11-30T12:07:42.417Z",
    "dateReserved": "2023-10-03T13:30:39.403Z",
    "dateUpdated": "2025-06-05T13:22:45.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2996 (GCVE-0-2023-2996)

Vulnerability from nvd – Published: 2023-06-27 13:17 – Updated: 2024-12-05 16:48
VLAI?
Summary
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Unknown Jetpack Affected: 1.9 , < 2.0.9 (custom)
Affected: 2.1 , < 2.1.7 (custom)
Affected: 2.2 , < 2.2.10 (custom)
Affected: 2.3 , < 2.3.10 (custom)
Affected: 2.4 , < 2.4.7 (custom)
Affected: 2.5 , < 2.5.5 (custom)
Affected: 2.6 , < 2.6.6 (custom)
Affected: 2.7 , < 2.7.5 (custom)
Affected: 2.8 , < 2.8.5 (custom)
Affected: 2.9 , < 2.9.6 (custom)
Affected: 3.0 , < 3.0.6 (custom)
Affected: 3.1 , < 3.1.5 (custom)
Affected: 3.2 , < 3.2.5 (custom)
Affected: 3.3 , < 3.3.6 (custom)
Affected: 3.4 , < 3.4.6 (custom)
Affected: 3.5 , < 3.5.6 (custom)
Affected: 3.6 , < 3.6.4 (custom)
Affected: 3.7 , < 3.7.5 (custom)
Affected: 3.8 , < 3.8.5 (custom)
Affected: 3.9 , < 3.9.9 (custom)
Affected: 4.0 , < 4.0.6 (custom)
Affected: 4.1 , < 4.1.3 (custom)
Affected: 4.2 , < 4.2.4 (custom)
Affected: 4.3 , < 4.3.4 (custom)
Affected: 4.4 , < 4.4.4 (custom)
Affected: 4.5 , < 4.5.2 (custom)
Affected: 4.6 , < 4.6.2 (custom)
Affected: 4.7 , < 4.7.3 (custom)
Affected: 4.8 , < 4.8.4 (custom)
Affected: 4.9 , < 4.9.2 (custom)
Affected: 5.0 , < 5.0.2 (custom)
Affected: 5.1 , < 5.1.3 (custom)
Affected: 5.2 , < 5.2.4 (custom)
Affected: 5.3 , < 5.3.3 (custom)
Affected: 5.4 , < 5.4.3 (custom)
Affected: 5.5 , < 5.5.4 (custom)
Affected: 5.6 , < 5.6.4 (custom)
Affected: 5.7 , < 5.7.4 (custom)
Affected: 5.8 , < 5.8.3 (custom)
Affected: 5.9 , < 5.9.3 (custom)
Affected: 6.0 , < 6.0.3 (custom)
Affected: 6.1 , < 6.1.4 (custom)
Affected: 6.2 , < 6.2.4 (custom)
Affected: 6.3 , < 6.3.6 (custom)
Affected: 6.4 , < 6.4.5 (custom)
Affected: 6.5 , < 6.5.3 (custom)
Affected: 6.6 , < 6.6.4 (custom)
Affected: 6.7 , < 6.7.3 (custom)
Affected: 6.8 , < 6.8.4 (custom)
Affected: 6.9 , < 6.9.3 (custom)
Affected: 7.0 , < 7.0.4 (custom)
Affected: 7.1 , < 7.1.4 (custom)
Affected: 7.2 , < 7.2.4 (custom)
Affected: 7.3 , < 7.3.4 (custom)
Affected: 7.4 , < 7.4.4 (custom)
Affected: 7.5 , < 7.5.6 (custom)
Affected: 7.6 , < 7.6.3 (custom)
Affected: 7.7 , < 7.7.5 (custom)
Affected: 7.8 , < 7.8.3 (custom)
Affected: 7.9 , < 7.9.3 (custom)
Affected: 8.0 , < 8.0.2 (custom)
Affected: 8.1 , < 8.1.3 (custom)
Affected: 8.2 , < 8.2.5 (custom)
Affected: 8.3 , < 8.3.2 (custom)
Affected: 8.4 , < 8.4.4 (custom)
Affected: 8.5 , < 8.5.2 (custom)
Affected: 8.6 , < 8.6.3 (custom)
Affected: 8.7 , < 8.7.3 (custom)
Affected: 8.8 , < 8.8.4 (custom)
Affected: 8.9 , < 8.9.3 (custom)
Affected: 9.0 , < 9.0.4 (custom)
Affected: 9.1 , < 9.1.2 (custom)
Affected: 9.2 , < 9.2.3 (custom)
Affected: 9.3 , < 9.3.4 (custom)
Affected: 9.4 , < 9.4.3 (custom)
Affected: 9.5 , < 9.5.4 (custom)
Affected: 9.6 , < 9.6.3 (custom)
Affected: 9.7 , < 9.7.2 (custom)
Affected: 9.8 , < 9.8.2 (custom)
Affected: 9.9 , < 9.9.2 (custom)
Affected: 10.0 , < 10.0.1 (custom)
Affected: 10.1 , < 10.1.1 (custom)
Affected: 10.2 , < 10.2.2 (custom)
Affected: 10.3 , < 10.3.1 (custom)
Affected: 10.4 , < 10.4.1 (custom)
Affected: 10.5 , < 10.5.2 (custom)
Affected: 10.6 , < 10.6.2 (custom)
Affected: 10.7 , < 10.7.1 (custom)
Affected: 10.8 , < 10.8.1 (custom)
Affected: 10.9 , < 10.9.2 (custom)
Affected: 11.0 , < 11.0.1 (custom)
Affected: 11.1 , < 11.1.3 (custom)
Affected: 11.2 , < 11.2.1 (custom)
Affected: 11.3 , < 11.3.3 (custom)
Affected: 11.4 , < 11.4.1 (custom)
Affected: 11.5 , < 11.5.2 (custom)
Affected: 11.6 , < 11.6.1 (custom)
Affected: 11.7 , < 11.7.2 (custom)
Affected: 11.8 , < 11.8.5 (custom)
Affected: 11.9 , < 11.9.2 (custom)
Affected: 12.0 , < 12.0.1 (custom)
Affected: 12.1 , < 12.1.1 (custom)
Create a notification for this product.
Credits
Miguel Neto WPScan
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2996",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T16:47:57.983039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T16:48:09.882Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "Jetpack",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.0.9",
              "status": "affected",
              "version": "1.9",
              "versionType": "custom"
            },
            {
              "lessThan": "2.1.7",
              "status": "affected",
              "version": "2.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.2.10",
              "status": "affected",
              "version": "2.2",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.10",
              "status": "affected",
              "version": "2.3",
              "versionType": "custom"
            },
            {
              "lessThan": "2.4.7",
              "status": "affected",
              "version": "2.4",
              "versionType": "custom"
            },
            {
              "lessThan": "2.5.5",
              "status": "affected",
              "version": "2.5",
              "versionType": "custom"
            },
            {
              "lessThan": "2.6.6",
              "status": "affected",
              "version": "2.6",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.5",
              "status": "affected",
              "version": "2.7",
              "versionType": "custom"
            },
            {
              "lessThan": "2.8.5",
              "status": "affected",
              "version": "2.8",
              "versionType": "custom"
            },
            {
              "lessThan": "2.9.6",
              "status": "affected",
              "version": "2.9",
              "versionType": "custom"
            },
            {
              "lessThan": "3.0.6",
              "status": "affected",
              "version": "3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.5",
              "status": "affected",
              "version": "3.2",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.6",
              "status": "affected",
              "version": "3.3",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.6",
              "status": "affected",
              "version": "3.4",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.6",
              "status": "affected",
              "version": "3.5",
              "versionType": "custom"
            },
            {
              "lessThan": "3.6.4",
              "status": "affected",
              "version": "3.6",
              "versionType": "custom"
            },
            {
              "lessThan": "3.7.5",
              "status": "affected",
              "version": "3.7",
              "versionType": "custom"
            },
            {
              "lessThan": "3.8.5",
              "status": "affected",
              "version": "3.8",
              "versionType": "custom"
            },
            {
              "lessThan": "3.9.9",
              "status": "affected",
              "version": "3.9",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.3",
              "status": "affected",
              "version": "4.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.4",
              "status": "affected",
              "version": "4.2",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.4",
              "status": "affected",
              "version": "4.3",
              "versionType": "custom"
            },
            {
              "lessThan": "4.4.4",
              "status": "affected",
              "version": "4.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.2",
              "status": "affected",
              "version": "4.5",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.2",
              "status": "affected",
              "version": "4.6",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.3",
              "status": "affected",
              "version": "4.7",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.4",
              "status": "affected",
              "version": "4.8",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.2",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.2",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.1.3",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.4",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            },
            {
              "lessThan": "5.3.3",
              "status": "affected",
              "version": "5.3",
              "versionType": "custom"
            },
            {
              "lessThan": "5.4.3",
              "status": "affected",
              "version": "5.4",
              "versionType": "custom"
            },
            {
              "lessThan": "5.5.4",
              "status": "affected",
              "version": "5.5",
              "versionType": "custom"
            },
            {
              "lessThan": "5.6.4",
              "status": "affected",
              "version": "5.6",
              "versionType": "custom"
            },
            {
              "lessThan": "5.7.4",
              "status": "affected",
              "version": "5.7",
              "versionType": "custom"
            },
            {
              "lessThan": "5.8.3",
              "status": "affected",
              "version": "5.8",
              "versionType": "custom"
            },
            {
              "lessThan": "5.9.3",
              "status": "affected",
              "version": "5.9",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.4",
              "status": "affected",
              "version": "6.1",
              "versionType": "custom"
            },
            {
              "lessThan": "6.2.4",
              "status": "affected",
              "version": "6.2",
              "versionType": "custom"
            },
            {
              "lessThan": "6.3.6",
              "status": "affected",
              "version": "6.3",
              "versionType": "custom"
            },
            {
              "lessThan": "6.4.5",
              "status": "affected",
              "version": "6.4",
              "versionType": "custom"
            },
            {
              "lessThan": "6.5.3",
              "status": "affected",
              "version": "6.5",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.4",
              "status": "affected",
              "version": "6.6",
              "versionType": "custom"
            },
            {
              "lessThan": "6.7.3",
              "status": "affected",
              "version": "6.7",
              "versionType": "custom"
            },
            {
              "lessThan": "6.8.4",
              "status": "affected",
              "version": "6.8",
              "versionType": "custom"
            },
            {
              "lessThan": "6.9.3",
              "status": "affected",
              "version": "6.9",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.4",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.1.4",
              "status": "affected",
              "version": "7.1",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.4",
              "status": "affected",
              "version": "7.2",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.4",
              "status": "affected",
              "version": "7.3",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.4",
              "status": "affected",
              "version": "7.4",
              "versionType": "custom"
            },
            {
              "lessThan": "7.5.6",
              "status": "affected",
              "version": "7.5",
              "versionType": "custom"
            },
            {
              "lessThan": "7.6.3",
              "status": "affected",
              "version": "7.6",
              "versionType": "custom"
            },
            {
              "lessThan": "7.7.5",
              "status": "affected",
              "version": "7.7",
              "versionType": "custom"
            },
            {
              "lessThan": "7.8.3",
              "status": "affected",
              "version": "7.8",
              "versionType": "custom"
            },
            {
              "lessThan": "7.9.3",
              "status": "affected",
              "version": "7.9",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "8.1.3",
              "status": "affected",
              "version": "8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "8.2.5",
              "status": "affected",
              "version": "8.2",
              "versionType": "custom"
            },
            {
              "lessThan": "8.3.2",
              "status": "affected",
              "version": "8.3",
              "versionType": "custom"
            },
            {
              "lessThan": "8.4.4",
              "status": "affected",
              "version": "8.4",
              "versionType": "custom"
            },
            {
              "lessThan": "8.5.2",
              "status": "affected",
              "version": "8.5",
              "versionType": "custom"
            },
            {
              "lessThan": "8.6.3",
              "status": "affected",
              "version": "8.6",
              "versionType": "custom"
            },
            {
              "lessThan": "8.7.3",
              "status": "affected",
              "version": "8.7",
              "versionType": "custom"
            },
            {
              "lessThan": "8.8.4",
              "status": "affected",
              "version": "8.8",
              "versionType": "custom"
            },
            {
              "lessThan": "8.9.3",
              "status": "affected",
              "version": "8.9",
              "versionType": "custom"
            },
            {
              "lessThan": "9.0.4",
              "status": "affected",
              "version": "9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.1.2",
              "status": "affected",
              "version": "9.1",
              "versionType": "custom"
            },
            {
              "lessThan": "9.2.3",
              "status": "affected",
              "version": "9.2",
              "versionType": "custom"
            },
            {
              "lessThan": "9.3.4",
              "status": "affected",
              "version": "9.3",
              "versionType": "custom"
            },
            {
              "lessThan": "9.4.3",
              "status": "affected",
              "version": "9.4",
              "versionType": "custom"
            },
            {
              "lessThan": "9.5.4",
              "status": "affected",
              "version": "9.5",
              "versionType": "custom"
            },
            {
              "lessThan": "9.6.3",
              "status": "affected",
              "version": "9.6",
              "versionType": "custom"
            },
            {
              "lessThan": "9.7.2",
              "status": "affected",
              "version": "9.7",
              "versionType": "custom"
            },
            {
              "lessThan": "9.8.2",
              "status": "affected",
              "version": "9.8",
              "versionType": "custom"
            },
            {
              "lessThan": "9.9.2",
              "status": "affected",
              "version": "9.9",
              "versionType": "custom"
            },
            {
              "lessThan": "10.0.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "10.1.1",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            },
            {
              "lessThan": "10.3.1",
              "status": "affected",
              "version": "10.3",
              "versionType": "custom"
            },
            {
              "lessThan": "10.4.1",
              "status": "affected",
              "version": "10.4",
              "versionType": "custom"
            },
            {
              "lessThan": "10.5.2",
              "status": "affected",
              "version": "10.5",
              "versionType": "custom"
            },
            {
              "lessThan": "10.6.2",
              "status": "affected",
              "version": "10.6",
              "versionType": "custom"
            },
            {
              "lessThan": "10.7.1",
              "status": "affected",
              "version": "10.7",
              "versionType": "custom"
            },
            {
              "lessThan": "10.8.1",
              "status": "affected",
              "version": "10.8",
              "versionType": "custom"
            },
            {
              "lessThan": "10.9.2",
              "status": "affected",
              "version": "10.9",
              "versionType": "custom"
            },
            {
              "lessThan": "11.0.1",
              "status": "affected",
              "version": "11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "11.1.3",
              "status": "affected",
              "version": "11.1",
              "versionType": "custom"
            },
            {
              "lessThan": "11.2.1",
              "status": "affected",
              "version": "11.2",
              "versionType": "custom"
            },
            {
              "lessThan": "11.3.3",
              "status": "affected",
              "version": "11.3",
              "versionType": "custom"
            },
            {
              "lessThan": "11.4.1",
              "status": "affected",
              "version": "11.4",
              "versionType": "custom"
            },
            {
              "lessThan": "11.5.2",
              "status": "affected",
              "version": "11.5",
              "versionType": "custom"
            },
            {
              "lessThan": "11.6.1",
              "status": "affected",
              "version": "11.6",
              "versionType": "custom"
            },
            {
              "lessThan": "11.7.2",
              "status": "affected",
              "version": "11.7",
              "versionType": "custom"
            },
            {
              "lessThan": "11.8.5",
              "status": "affected",
              "version": "11.8",
              "versionType": "custom"
            },
            {
              "lessThan": "11.9.2",
              "status": "affected",
              "version": "11.9",
              "versionType": "custom"
            },
            {
              "lessThan": "12.0.1",
              "status": "affected",
              "version": "12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "12.1.1",
              "status": "affected",
              "version": "12.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Miguel Neto"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-27T13:17:07.479Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Jetpack \u003c 12.1.1 - Author+ Arbitrary File Manipulation via API",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-2996",
    "datePublished": "2023-06-27T13:17:07.479Z",
    "dateReserved": "2023-05-30T19:10:08.911Z",
    "dateUpdated": "2024-12-05T16:48:09.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24374 (GCVE-0-2021-24374)

Vulnerability from nvd – Published: 2021-06-21 19:18 – Updated: 2024-08-03 19:28
VLAI?
Summary
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Severity ?
No CVSS data available.
CWE
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
Automattic Jetpack – WP Security, Backup, Speed, & Growth Affected: 9.8 , < 9.8 (custom)
Create a notification for this product.
Credits
nguyenhg_vcs
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:23.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
          "vendor": "Automattic",
          "versions": [
            {
              "lessThan": "9.8",
              "status": "affected",
              "version": "9.8",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "nguyenhg_vcs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a \"carousel\" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-21T19:18:21",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jetpack \u003c 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24374",
          "STATE": "PUBLIC",
          "TITLE": "Jetpack \u003c 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jetpack \u2013 WP Security, Backup, Speed, \u0026 Growth",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "9.8",
                            "version_value": "9.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Automattic"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "nguyenhg_vcs"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a \"carousel\" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639 Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33"
            },
            {
              "name": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24374",
    "datePublished": "2021-06-21T19:18:21",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:23.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9359 (GCVE-0-2015-9359)

Vulnerability from nvd – Published: 2019-08-28 14:23 – Updated: 2024-08-06 08:51
VLAI?
Summary
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:51:03.332Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-28T14:23:20",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg()."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html",
              "refsource": "MISC",
              "url": "https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html"
            },
            {
              "name": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/",
              "refsource": "MISC",
              "url": "https://jetpack.com/2015/04/20/jetpack-3-4-3-coordinated-security-update/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9359",
    "datePublished": "2019-08-28T14:23:20",
    "dateReserved": "2019-08-28T00:00:00",
    "dateUpdated": "2024-08-06T08:51:03.332Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}