Lucene search

[email protected]CVE-2023-47774

HistoryApr 24, 2024 - 4:15 p.m.

CVE-2023-47774

2024-04-2416:15:08

CWE-1021

[email protected]

web.nvd.nist.gov

cve-2023-47774

reserved

future

security

announcement

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

Affected configurations

Vulners

Node

automatticjetpackRange<12.7

VendorProductVersionCPE
automatticjetpack*cpe:2.3:a:automattic:jetpack:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
automattic	jetpack	*	cpe:2.3:a:automattic:jetpack::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "jetpack",
    "product": "Jetpack",
    "vendor": "Automattic",
    "versions": [
      {
        "changes": [
          {
            "at": "12.7",
            "status": "unaffected"
          }
        ],
        "lessThan": "12.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-47774

wpvulndb1 cvelist1 nvd1 wordfence1