Overview
- Description: The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form.
- Source: contact@wpscan.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 4.3
- Impact score: 1.4
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
Social media
- Hype score: Not currently trending
CVE-2024-9926 Unauthorized Data Exposure in Jetpack WordPress Plugin's REST Endpoint The Jetpack WordPress plugin has a flaw in one of its REST endpoints. This allows any logged-in user, even a subscriber, to acc... https://t.co/XbtO5V0fLR
@VulmonFeeds
7 Nov 2024
CVE-2024-9926 The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feed… https://t.co/nFuUH172JW
@CVEnew
7 Nov 2024