CVE-2021-24374
N/A
N/A
Summary
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Automattic | Jetpack – WP Security, Backup, Speed, & Growth | 9.8 < 9.8 | affected |
Weaknesses
- CWE-639: CWE-639 Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
- https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
- https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
References
- https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
- https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.