3 matches found
WordPress Jetpack plugin < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution vulnerability
Unauthenticated Arbitrary Block & Shortcode Execution vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack versions 13.8...
CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2024-10075
The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...