Lucene search
Jetpack ScanWPVDB-ID:08A8A51C-49D3-4BCE-B7E0-E365AF1D8F33HistoryJun 03, 2021 - 12:00 a.m.
Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak
2021-06-0300:00:00
Jetpack Scan
wpscan.com
5
0.001 Low
EPSS
Percentile
46.5%
The Jetpack Carousel module allows users to create a “carousel” type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. Please refer to the Proof of Concept (PoC) of this vulnerability for further technical details.
PoC
By changing the “id” parameter of the POST request to a valid media attachment id on a page/post that was not public, it was possible to leak the non-public comments. http://example.com/wp-admin/admin-ajax.php?action=get_attachment_comments&nonce;=4aadefa6ee&id;=28&offset;=0
Related
wpexploit
wpexploit
patchstack
patchstack
osv
osv
JetPack Exposure of Resource to Wrong Sphere
2022-05-24 19:05:47
cvelist
cvelist
gitlab
gitlab
Exposure of Resource to Wrong Sphere
2021-06-21 00:00:00
cve
cve
CVE-2021-24374
2021-06-21 20:15:08
prion
prion
Design/Logic Flaw
2021-06-21 20:15:00
openvas
openvas
WordPress JetPack Plugin < 9.8 IDOR Vulnerability
2023-04-26 00:00:00
nvd
nvd
CVE-2021-24374
2021-06-21 20:15:08
github
github
JetPack Exposure of Resource to Wrong Sphere
2022-05-24 19:05:47