- Description
- The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
- Source
- contact@wpscan.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2024-10858 DOM-XSS Vulnerability in Jetpack WordPress Plugin Versions Before 14.1 The Jetpack WordPress plugin versions before 14.1 have a problem where they do not check the postmessage origin in versions 13... https://t.co/bc6hUqmU5W
@VulmonFeeds
25 Dec 2024
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10858 The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The… https://t.co/HI6nP9cK2K
@CVEnew
25 Dec 2024
752 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes