exploitDog

CVE-2024-10858

Опубликовано: 25 дек. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

Ссылки

https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*

Версия до 14.1 (исключая)

EPSS

Процентиль: 23%

0.00077

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-pjm4-fjw9-x2fh

CVSS3: 6.1

github

около 1 года назад

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

EPSS

Процентиль: 23%

0.00077

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79