4 matches found
CVE-2024-9926 Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form...
CVE-2024-9926
creationtimestamp| type| source ---|---|--- 2024-11-01 20:26:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8922 2024-11-07 15:07:00+00:00| seen| https://infosec.exchange/users/cve/statuses/113442293015659790 2024-11-07 16:56:07+00:00| seen| https://t.me/cvedetector/10094...
Exploit for CVE-2024-9926
wordpress-jetpack-broken-access-control-vulnerable-application...
WordPress Jetpack Plugin < 13.9.1 is vulnerable to Broken Access Control
Software Jetpack Type Plugin Vulnerable versions 13.9.1 Fixed in 13.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9926 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 675e1d99d774 Credits Marc Montpas Required privilege...