CVE-2021-24374

Опубликовано: 21 июн. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

Ссылки

https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
Exploit
Third Party Advisory
https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*

Версия до 9.8 (исключая)

EPSS

Процентиль: 73%

0.00789

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-639

Связанные уязвимости

GHSA-5hr6-r8h6-wh22