CVE-2024-9926
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Jetpack | 13.9 < 13.9.1 | affected |
| Unknown | Jetpack | 13.8 < 13.8.2 | affected |
| Unknown | Jetpack | 13.7 < 13.7.1 | affected |
| Unknown | Jetpack | 13.6 < 13.6.1 | affected |
| Unknown | Jetpack | 13.5 < 13.5.1 | affected |
| Unknown | Jetpack | 13.4 < 13.4.4 | affected |
| Unknown | Jetpack | 13.3 < 13.3.2 | affected |
| Unknown | Jetpack | 13.2 < 13.2.3 | affected |
| Unknown | Jetpack | 13.1 < 13.1.4 | affected |
| Unknown | Jetpack | 13.0 < 13.0.1 | affected |
| Unknown | Jetpack | 12.9 < 12.9.4 | affected |
| Unknown | Jetpack | 12.8 < 12.8.2 | affected |
| Unknown | Jetpack | 12.7 < 12.7.2 | affected |
| Unknown | Jetpack | 12.6 < 12.6.3 | affected |
| Unknown | Jetpack | 12.5 < 12.5.1 | affected |
| Unknown | Jetpack | 12.4 < 12.4.1 | affected |
| Unknown | Jetpack | 12.3 < 12.3.1 | affected |
| Unknown | Jetpack | 12.2 < 12.2.2 | affected |
| Unknown | Jetpack | 12.1 < 12.1.2 | affected |
| Unknown | Jetpack | 12.0 < 12.0.2 | affected |
| Unknown | Jetpack | 11.9 < 11.9.3 | affected |
| Unknown | Jetpack | 11.8 < 11.8.6 | affected |
| Unknown | Jetpack | 11.7 < 11.7.3 | affected |
| Unknown | Jetpack | 11.6 < 11.6.2 | affected |
| Unknown | Jetpack | 11.5 < 11.5.3 | affected |
| Unknown | Jetpack | 11.4 < 11.4.2 | affected |
| Unknown | Jetpack | 11.3 < 11.3.4 | affected |
| Unknown | Jetpack | 11.2 < 11.2.2 | affected |
| Unknown | Jetpack | 11.1 < 11.1.4 | affected |
| Unknown | Jetpack | 11.0 < 11.0.2 | affected |
| Unknown | Jetpack | 10.9 < 10.9.3 | affected |
| Unknown | Jetpack | 10.8 < 10.8.2 | affected |
| Unknown | Jetpack | 10.7 < 10.7.2 | affected |
| Unknown | Jetpack | 10.6 < 10.6.2 | affected |
| Unknown | Jetpack | 10.5 < 10.5.3 | affected |
| Unknown | Jetpack | 10.4 < 10.4.2 | affected |
| Unknown | Jetpack | 10.3 < 10.3.2 | affected |
| Unknown | Jetpack | 10.2 < 10.2.3 | affected |
| Unknown | Jetpack | 10.1 < 10.1.2 | affected |
| Unknown | Jetpack | 10.0 < 10.0.2 | affected |
| Unknown | Jetpack | 9.9 < 9.9.3 | affected |
| Unknown | Jetpack | 9.8 < 9.8.3 | affected |
| Unknown | Jetpack | 9.7 < 9.7.3 | affected |
| Unknown | Jetpack | 9.6 < 9.6.4 | affected |
| Unknown | Jetpack | 9.5 < 9.5.5 | affected |
| Unknown | Jetpack | 9.4 < 9.4.4 | affected |
| Unknown | Jetpack | 9.3 < 9.3.5 | affected |
| Unknown | Jetpack | 9.2 < 9.2.4 | affected |
| Unknown | Jetpack | 9.1 < 9.1.3 | affected |
| Unknown | Jetpack | 9.0 < 9.0.5 | affected |
| Unknown | Jetpack | 8.9 < 8.9.4 | affected |
| Unknown | Jetpack | 8.8 < 8.8.5 | affected |
| Unknown | Jetpack | 8.7 < 8.7.4 | affected |
| Unknown | Jetpack | 8.6 < 8.6.4 | affected |
| Unknown | Jetpack | 8.5 < 8.5.3 | affected |
| Unknown | Jetpack | 8.4 < 8.4.5 | affected |
| Unknown | Jetpack | 8.3 < 8.3.3 | affected |
| Unknown | Jetpack | 8.2 < 8.2.6 | affected |
| Unknown | Jetpack | 8.1 < 8.1.4 | affected |
| Unknown | Jetpack | 8.0 < 8.0.3 | affected |
| Unknown | Jetpack | 7.9 < 7.9.4 | affected |
| Unknown | Jetpack | 7.8 < 7.8.4 | affected |
| Unknown | Jetpack | 7.7 < 7.7.6 | affected |
| Unknown | Jetpack | 7.6 < 7.6.4 | affected |
| Unknown | Jetpack | 7.5 < 7.5.7 | affected |
| Unknown | Jetpack | 7.4 < 7.4.5 | affected |
| Unknown | Jetpack | 7.3 < 7.3.5 | affected |
| Unknown | Jetpack | 7.2 < 7.2.5 | affected |
| Unknown | Jetpack | 7.1 < 7.1.5 | affected |
| Unknown | Jetpack | 7.0 < 7.0.5 | affected |
| Unknown | Jetpack | 6.9 < 6.9.4 | affected |
| Unknown | Jetpack | 6.8 < 6.8.5 | affected |
| Unknown | Jetpack | 6.7 < 6.7.4 | affected |
| Unknown | Jetpack | 6.6 < 6.6.5 | affected |
| Unknown | Jetpack | 6.5 < 6.5.4 | affected |
| Unknown | Jetpack | 6.4 < 6.4.6 | affected |
| Unknown | Jetpack | 6.3 < 6.3.7 | affected |
| Unknown | Jetpack | 6.2 < 6.2.5 | affected |
| Unknown | Jetpack | 6.1 < 6.1.5 | affected |
| Unknown | Jetpack | 6.0 < 6.0.4 | affected |
| Unknown | Jetpack | 5.9 < 5.9.4 | affected |
| Unknown | Jetpack | 5.8 < 5.8.4 | affected |
| Unknown | Jetpack | 5.7 < 5.7.5 | affected |
| Unknown | Jetpack | 5.6 < 5.6.5 | affected |
| Unknown | Jetpack | 5.5 < 5.5.5 | affected |
| Unknown | Jetpack | 5.4 < 5.4.4 | affected |
| Unknown | Jetpack | 5.3 < 5.3.4 | affected |
| Unknown | Jetpack | 5.2 < 5.2.5 | affected |
| Unknown | Jetpack | 5.1 < 5.1.4 | affected |
| Unknown | Jetpack | 5.0 < 5.0.3 | affected |
| Unknown | Jetpack | 4.9 < 4.9.3 | affected |
| Unknown | Jetpack | 4.8 < 4.8.5 | affected |
| Unknown | Jetpack | 4.7 < 4.7.4 | affected |
| Unknown | Jetpack | 4.6 < 4.6.3 | affected |
| Unknown | Jetpack | 4.5 < 4.5.3 | affected |
| Unknown | Jetpack | 4.4 < 4.4.5 | affected |
| Unknown | Jetpack | 4.3 < 4.3.5 | affected |
| Unknown | Jetpack | 4.2 < 4.2.5 | affected |
| Unknown | Jetpack | 4.1.0 < 4.1.4 | affected |
| Unknown | Jetpack | 4.0.0 < 4.0.7 | affected |
| Unknown | Jetpack | 3.9.2 < 3.9.10 | affected |
Weaknesses
- CWE-863 Incorrect Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.