wpvulndb · Jetpack Scan · WPVDB-ID:08A8A51C-49D3-4BCE-B7E0-E365AF1D8F33
Jun 03, 2021 - 12:00 a.m.

Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak

wpscan.com

EPSS: 0.001 (Low), percentile 46.4%

The Jetpack Carousel module allows users to create a “carousel” type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. Please refer to the Proof of Concept (PoC) of this vulnerability for further technical details.

PoC

By changing the “id” parameter of the POST request to a valid media attachment id on a page/post that was not public, it was possible to leak the non-public comments.

http://example.com/wp-admin/admin-ajax.php?action=get_attachment_comments&nonce=4aadefa6ee&id=28&offset=0
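For log review, the following added example (not part of the original advisory or of Jetpack's code) scans web access logs for get_attachment_comments requests whose “id” belongs to an attachment on a non-published page/post. It assumes combined-log-format lines, parameters visible in the query string as in the URL above, and a list of non-public attachment ids exported from the site; the function names, ids and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def carousel_comment_requests(lines):
    """Yield (client, attachment_id, status) for get_attachment_comments calls."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        qs = parse_qs(url.query)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if qs.get("action") != ["get_attachment_comments"]:
            continue
        ids = qs.get("id", [])
        if len(ids) == 1 and re.fullmatch(r"[0-9]+", ids[0]):
            yield client, int(ids[0]), int(status)

def find_leak_candidates(lines, non_public_ids):
    """Map client -> sorted non-public attachment ids it fetched comments for."""
    hits = {}
    for client, att_id, status in carousel_comment_requests(lines):
        # A 200 does not prove comments were returned; treat hits as candidates to review.
        if status == 200 and att_id in non_public_ids:
            hits.setdefault(client, set()).add(att_id)
    return {client: sorted(ids) for client, ids in hits.items()}

# Constructed: ids of attachments whose parent page/post is not published.
NON_PUBLIC_ATTACHMENT_IDS = {28, 31}
# Constructed access-log lines (documentation IP ranges).
_REQ = "/wp-admin/admin-ajax.php?action=get_attachment_comments&nonce=4aadefa6ee"
SAMPLE_LOG = [
    f'203.0.113.7 - - [03/Jun/2021:10:00:01 +0000] "POST {_REQ}&id=28&offset=0 HTTP/1.1" 200 512',
    f'203.0.113.7 - - [03/Jun/2021:10:00:02 +0000] "POST {_REQ}&id=31&offset=0 HTTP/1.1" 200 498',
    f'198.51.100.4 - - [03/Jun/2021:10:01:10 +0000] "POST {_REQ}&id=12&offset=0 HTTP/1.1" 200 301',
    f'198.51.100.9 - - [03/Jun/2021:10:02:30 +0000] "POST {_REQ}&id=28&offset=0 HTTP/1.1" 403 120',
    '198.51.100.4 - - [03/Jun/2021:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, ids in find_leak_candidates(SAMPLE_LOG, NON_PUBLIC_ATTACHMENT_IDS).items():
        print(client, ids)
```

Requests that carry the parameters only in the POST body do not appear in standard access logs, so this check covers the query-string form shown in the PoC.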

CPE
Name | Operator | Version
jetpack | lt | 9.8

