5.3
CVE-2021-24374
- EPSS 0.79%
- Veröffentlicht 21.06.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:52:56
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginJetPack <= 9.7 - Information Disclosure
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Mögliche Gegenmaßnahme
Jetpack – WP Security, Backup, Speed, & Growth: Update to one of the following versions, or a newer patched version: 2.0.8, 2.1.6, 2.2.9, 2.3.9, 2.4.6, 2.5.4, 2.6.5, 2.7.4, 2.8.4, 2.9.5, 3.0.5, 3.1.4, 3.2.4, 3.3.5, 3.4.5, 3.5.5, 3.6.3, 3.7.4, 3.8.4, 3.9.8, 4.0.5, 4.1.2, 4.2.3, 4.3.3, 4.4.3, 4.5.1, 4.6.1, 4.7.2, 4.8.3, 4.9.1, 5.0.1, 5.1.2, 5.2.3, 5.3.2, 5.4.2, 5.5.3, 5.6.3, 5.7.3, 5.8.2, 5.9.2, 6.0.2, 6.1.3, 6.2.3, 6.3.5, 6.4.4, 6.5.2, 6.6.3, 6.7.2, 6.8.3, 6.9.2, 7.0.3, 7.1.3, 7.2.3, 7.3.3, 7.4.3, 7.5.5, 7.6.2, 7.7.4, 7.8.2, 7.9.2, 8.0.1, 8.1.2, 8.2.4, 8.3.1, 8.4.3, 8.5.1, 8.6.2, 8.7.2, 8.8.3, 8.9.2, 9.0.3, 9.1.1, 9.2.2, 9.3.3, 9.4.2, 9.5.3, 9.6.2, 9.7.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Jetpack – WP Security, Backup, Speed, & Growth
Version
[2.0, 2.0.8)
Version
[2.1, 2.1.6)
Version
[2.2, 2.2.9)
Version
[2.3, 2.3.9)
Version
[2.4, 2.4.6)
Version
[2.5, 2.5.4)
Version
[2.6, 2.6.5)
Version
[2.7, 2.7.4)
Version
[2.8, 2.8.4)
Version
[2.9, 2.9.5)
Version
[3.0, 3.0.5)
Version
[3.1, 3.1.4)
Version
[3.2, 3.2.4)
Version
[3.3, 3.3.5)
Version
[3.4, 3.4.5)
Version
[3.5, 3.5.5)
Version
[3.6, 3.6.3)
Version
[3.7, 3.7.4)
Version
[3.8, 3.8.4)
Version
[3.9, 3.9.8)
Version
[4.0, 4.0.5)
Version
[4.1, 4.1.2)
Version
[4.2, 4.2.3)
Version
[4.3, 4.3.3)
Version
[4.4, 4.4.3)
Version
[4.5, 4.5.1)
Version
[4.6, 4.6.1)
Version
[4.7, 4.7.2)
Version
[4.8, 4.8.3)
Version
[4.9, 4.9.1)
Version
[5.0, 5.0.1)
Version
[5.1, 5.1.2)
Version
[5.2, 5.2.3)
Version
[5.3, 5.3.2)
Version
[5.4, 5.4.2)
Version
[5.5, 5.5.3)
Version
[5.6, 5.6.3)
Version
[5.7, 5.7.3)
Version
[5.8, 5.8.2)
Version
[5.9, 5.9.2)
Version
[6.0, 6.0.2)
Version
[6.1, 6.1.3)
Version
[6.2, 6.2.3)
Version
[6.3, 6.3.5)
Version
[6.4, 6.4.4)
Version
[6.5, 6.5.2)
Version
[6.6, 6.6.3)
Version
[6.7, 6.7.2)
Version
[6.8, 6.8.3)
Version
[6.9, 6.9.2)
Version
[7.0, 7.0.3)
Version
[7.1, 7.1.3)
Version
[7.2, 7.2.3)
Version
[7.3, 7.3.3)
Version
[7.4, 7.4.3)
Version
[7.5, 7.5.5)
Version
[7.6, 7.6.2)
Version
[7.7, 7.7.4)
Version
[7.8, 7.8.2)
Version
[7.9, 7.9.2)
Version
[8.0, 8.0.1)
Version
[8.1, 8.1.2)
Version
[8.2, 8.2.4)
Version
[8.3, 8.3.1)
Version
[8.4, 8.4.3)
Version
[8.5, 8.5.1)
Version
[8.6, 8.6.2)
Version
[8.7, 8.7.2)
Version
[8.8, 8.8.3)
Version
[8.9, 8.9.2)
Version
[9.0, 9.0.3)
Version
[9.1, 9.1.1)
Version
[9.2, 9.2.2)
Version
[9.3, 9.3.3)
Version
[9.4, 9.4.2)
Version
[9.5, 9.5.3)
Version
[9.6, 9.6.2)
Version
[9.7, 9.7.1)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Automattic ≫ Jetpack SwPlatformwordpress Version < 9.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.79% | 0.731 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.