CVE-2024-9926

Summary

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form

Affected Software

VendorProductVersion RangeStatus
UnknownJetpack13.9 < 13.9.1affected
UnknownJetpack13.8 < 13.8.2affected
UnknownJetpack13.7 < 13.7.1affected
UnknownJetpack13.6 < 13.6.1affected
UnknownJetpack13.5 < 13.5.1affected
UnknownJetpack13.4 < 13.4.4affected
UnknownJetpack13.3 < 13.3.2affected
UnknownJetpack13.2 < 13.2.3affected
UnknownJetpack13.1 < 13.1.4affected
UnknownJetpack13.0 < 13.0.1affected
UnknownJetpack12.9 < 12.9.4affected
UnknownJetpack12.8 < 12.8.2affected
UnknownJetpack12.7 < 12.7.2affected
UnknownJetpack12.6 < 12.6.3affected
UnknownJetpack12.5 < 12.5.1affected
UnknownJetpack12.4 < 12.4.1affected
UnknownJetpack12.3 < 12.3.1affected
UnknownJetpack12.2 < 12.2.2affected
UnknownJetpack12.1 < 12.1.2affected
UnknownJetpack12.0 < 12.0.2affected
UnknownJetpack11.9 < 11.9.3affected
UnknownJetpack11.8 < 11.8.6affected
UnknownJetpack11.7 < 11.7.3affected
UnknownJetpack11.6 < 11.6.2affected
UnknownJetpack11.5 < 11.5.3affected
UnknownJetpack11.4 < 11.4.2affected
UnknownJetpack11.3 < 11.3.4affected
UnknownJetpack11.2 < 11.2.2affected
UnknownJetpack11.1 < 11.1.4affected
UnknownJetpack11.0 < 11.0.2affected
UnknownJetpack10.9 < 10.9.3affected
UnknownJetpack10.8 < 10.8.2affected
UnknownJetpack10.7 < 10.7.2affected
UnknownJetpack10.6 < 10.6.2affected
UnknownJetpack10.5 < 10.5.3affected
UnknownJetpack10.4 < 10.4.2affected
UnknownJetpack10.3 < 10.3.2affected
UnknownJetpack10.2 < 10.2.3affected
UnknownJetpack10.1 < 10.1.2affected
UnknownJetpack10.0 < 10.0.2affected
UnknownJetpack9.9 < 9.9.3affected
UnknownJetpack9.8 < 9.8.3affected
UnknownJetpack9.7 < 9.7.3affected
UnknownJetpack9.6 < 9.6.4affected
UnknownJetpack9.5 < 9.5.5affected
UnknownJetpack9.4 < 9.4.4affected
UnknownJetpack9.3 < 9.3.5affected
UnknownJetpack9.2 < 9.2.4affected
UnknownJetpack9.1 < 9.1.3affected
UnknownJetpack9.0 < 9.0.5affected
UnknownJetpack8.9 < 8.9.4affected
UnknownJetpack8.8 < 8.8.5affected
UnknownJetpack8.7 < 8.7.4affected
UnknownJetpack8.6 < 8.6.4affected
UnknownJetpack8.5 < 8.5.3affected
UnknownJetpack8.4 < 8.4.5affected
UnknownJetpack8.3 < 8.3.3affected
UnknownJetpack8.2 < 8.2.6affected
UnknownJetpack8.1 < 8.1.4affected
UnknownJetpack8.0 < 8.0.3affected
UnknownJetpack7.9 < 7.9.4affected
UnknownJetpack7.8 < 7.8.4affected
UnknownJetpack7.7 < 7.7.6affected
UnknownJetpack7.6 < 7.6.4affected
UnknownJetpack7.5 < 7.5.7affected
UnknownJetpack7.4 < 7.4.5affected
UnknownJetpack7.3 < 7.3.5affected
UnknownJetpack7.2 < 7.2.5affected
UnknownJetpack7.1 < 7.1.5affected
UnknownJetpack7.0 < 7.0.5affected
UnknownJetpack6.9 < 6.9.4affected
UnknownJetpack6.8 < 6.8.5affected
UnknownJetpack6.7 < 6.7.4affected
UnknownJetpack6.6 < 6.6.5affected
UnknownJetpack6.5 < 6.5.4affected
UnknownJetpack6.4 < 6.4.6affected
UnknownJetpack6.3 < 6.3.7affected
UnknownJetpack6.2 < 6.2.5affected
UnknownJetpack6.1 < 6.1.5affected
UnknownJetpack6.0 < 6.0.4affected
UnknownJetpack5.9 < 5.9.4affected
UnknownJetpack5.8 < 5.8.4affected
UnknownJetpack5.7 < 5.7.5affected
UnknownJetpack5.6 < 5.6.5affected
UnknownJetpack5.5 < 5.5.5affected
UnknownJetpack5.4 < 5.4.4affected
UnknownJetpack5.3 < 5.3.4affected
UnknownJetpack5.2 < 5.2.5affected
UnknownJetpack5.1 < 5.1.4affected
UnknownJetpack5.0 < 5.0.3affected
UnknownJetpack4.9 < 4.9.3affected
UnknownJetpack4.8 < 4.8.5affected
UnknownJetpack4.7 < 4.7.4affected
UnknownJetpack4.6 < 4.6.3affected
UnknownJetpack4.5 < 4.5.3affected
UnknownJetpack4.4 < 4.4.5affected
UnknownJetpack4.3 < 4.3.5affected
UnknownJetpack4.2 < 4.2.5affected
UnknownJetpack4.1.0 < 4.1.4affected
UnknownJetpack4.0.0 < 4.0.7affected
UnknownJetpack3.9.2 < 3.9.10affected

Weaknesses

  • CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References