Lucene search

K
wpvulndbWpvulndbWPVDB-ID:CCE4AC0A-777F-4DDE-B86E-614A224DBF6E
HistoryNov 24, 2023 - 12:00 a.m.

Jetpack < 12.7 - Improper Authorization via WPCom External Media REST endpoints

2023-11-2400:00:00
wpscan.com
4
jetpack
wordpress
vulnerable
data modification
authorization
rest endpoint

6.7 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

Description The Jetpack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the WPCom External Media REST permission_callback function in versions up to and including 12.6.2. This makes it possible for authenticated attackers, with contributor-level access and above, to import external media even without the upload_files capability.

CPENameOperatorVersion
eq12.7

6.7 Medium

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

Related for WPVDB-ID:CCE4AC0A-777F-4DDE-B86E-614A224DBF6E