Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2014-0173
HistoryApr 22, 2014 - 1:06 p.m.

CVE-2014-0173

2014-04-2213:06:27
CWE-264
[email protected]
web.nvd.nist.gov
23
jetpack plugin
wordpress
cve-2014-0173
security vulnerability
xml-rpc
remote attack

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node
automatticjetpackMatch1.9wordpress
OR
automatticjetpackMatch1.9.1wordpress
OR
automatticjetpackMatch1.9.2wordpress
OR
automatticjetpackMatch2.0wordpress
OR
automatticjetpackMatch2.0.1wordpress
OR
automatticjetpackMatch2.0.2wordpress
OR
automatticjetpackMatch2.0.3wordpress
OR
automatticjetpackMatch2.0.4wordpress
OR
automatticjetpackMatch2.1wordpress
OR
automatticjetpackMatch2.1.1wordpress
OR
automatticjetpackMatch2.1.2wordpress
OR
automatticjetpackMatch2.2wordpress
OR
automatticjetpackMatch2.2.1wordpress
OR
automatticjetpackMatch2.2.2wordpress
OR
automatticjetpackMatch2.2.3wordpress
OR
automatticjetpackMatch2.2.4wordpress
OR
automatticjetpackMatch2.2.5wordpress
OR
automatticjetpackMatch2.3wordpress
OR
automatticjetpackMatch2.3.1wordpress
OR
automatticjetpackMatch2.3.2wordpress
OR
automatticjetpackMatch2.3.3wordpress
OR
automatticjetpackMatch2.3.4wordpress
OR
automatticjetpackMatch2.3.5wordpress
OR
automatticjetpackMatch2.4wordpress
OR
automatticjetpackMatch2.4.1wordpress
OR
automatticjetpackMatch2.4.2wordpress
OR
automatticjetpackMatch2.5wordpress
OR
automatticjetpackMatch2.6wordpress
OR
automatticjetpackMatch2.6.1wordpress
OR
automatticjetpackMatch2.7wordpress
OR
automatticjetpackMatch2.8wordpress
OR
automatticjetpackMatch2.9wordpress
OR
automatticjetpackMatch2.9.1wordpress
OR
automatticjetpackMatch2.9.2wordpress
OR
automatticjetpackMatch2.9.3wordpress

Related

patchstack 1
veracode 1
nessus 1
prion 1
wpvulndb 1
seebug 1
cvelist 1
nvd 1
patchstack
patchstack
WordPress Jetpack Plugin <= 2.9.2 - Security BYPASS
2013-12-03 00:00:00
veracode
veracode
Security Bypass
2017-07-14 10:34:26
nessus
nessus
Jetpack Plugin for WordPress Security Bypass
2014-04-23 00:00:00
prion
prion
Information disclosure
2014-04-22 13:06:00
wpvulndb
wpvulndb
Jetpack <= 2.9.2 - class.jetpack.php XML-RPC Access Control Bypass
2014-08-01 10:59:13
seebug
seebug
WordPress Jetpackๆ’ไปถๅฎ‰ๅ…จ็ป•่ฟ‡ๆผๆดž
2014-04-17 00:00:00
cvelist
cvelist
CVE-2014-0173
2014-04-21 14:00:00
nvd
nvd
CVE-2014-0173
2014-04-22 13:06:27

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.005 Low

EPSS

Percentile

75.5%

JSON
Related for CVE-2014-0173
patchstack1veracode1nessus1prion1wpvulndb1seebug1cvelist1nvd1