CVE-2024-9926

EUVD-2024-50216
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 4.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA-ADP | ADP | 4.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Percentile: 95%
Affected Products (NVD)
𝑥 = Vulnerable software versions
Vendor | Product | Version
automattic | jetpack | 𝑥 < 13.9.1
automattic | jetpack | 𝑥 < 13.8.2
automattic | jetpack | 𝑥 < 13.7.1
automattic | jetpack | 𝑥 < 13.6.1
automattic | jetpack | 𝑥 < 13.5.1
automattic | jetpack | 𝑥 < 13.4.4
automattic | jetpack | 𝑥 < 13.3.2
automattic | jetpack | 𝑥 < 13.2.3
automattic | jetpack | 𝑥 < 13.1.4
automattic | jetpack | 𝑥 < 13.0.1
automattic | jetpack | 𝑥 < 12.9.4
automattic | jetpack | 𝑥 < 12.8.2
automattic | jetpack | 𝑥 < 12.7.2
automattic | jetpack | 𝑥 < 12.6.3
automattic | jetpack | 𝑥 < 12.5.1
automattic | jetpack | 𝑥 < 12.4.1
automattic | jetpack | 𝑥 < 12.3.1
automattic | jetpack | 𝑥 < 12.2.2
automattic | jetpack | 𝑥 < 12.1.2
automattic | jetpack | 𝑥 < 12.0.2
automattic | jetpack | 𝑥 < 11.9.3
automattic | jetpack | 𝑥 < 11.8.6
automattic | jetpack | 𝑥 < 11.7.3
automattic | jetpack | 𝑥 < 11.6.2
automattic | jetpack | 𝑥 < 11.5.3
automattic | jetpack | 𝑥 < 11.4.2
automattic | jetpack | 𝑥 < 11.3.4
automattic | jetpack | 𝑥 < 11.2.2
automattic | jetpack | 𝑥 < 11.1.4
automattic | jetpack | 𝑥 < 11.0.2
automattic | jetpack | 𝑥 < 10.9.3
automattic | jetpack | 𝑥 < 10.8.2
automattic | jetpack | 𝑥 < 10.7.2
automattic | jetpack | 𝑥 < 10.6.2
automattic | jetpack | 𝑥 < 10.5.3
automattic | jetpack | 𝑥 < 10.4.2
automattic | jetpack | 𝑥 < 10.3.2
automattic | jetpack | 𝑥 < 10.2.3
automattic | jetpack | 𝑥 < 10.1.2
automattic | jetpack | 𝑥 < 10.0.2
automattic | jetpack | 𝑥 < 9.9.3
automattic | jetpack | 𝑥 < 9.8.3
automattic | jetpack | 𝑥 < 9.7.3
automattic | jetpack | 𝑥 < 9.6.4
automattic | jetpack | 𝑥 < 9.5.5
automattic | jetpack | 9.4.4 ≤ 𝑥 ≤ 9.4.4
automattic | jetpack | 𝑥 < 9.3.5
automattic | jetpack | 𝑥 < 9.2.4
automattic | jetpack | 𝑥 < 9.1.3
automattic | jetpack | 𝑥 < 9.0.5
automattic | jetpack | 𝑥 < 8.9.4
automattic | jetpack | 𝑥 < 8.8.5
automattic | jetpack | 𝑥 < 8.7.4
automattic | jetpack | 𝑥 < 8.6.4
automattic | jetpack | 𝑥 < 8.5.3
automattic | jetpack | 𝑥 < 8.4.5
automattic | jetpack | 𝑥 < 8.3.3
automattic | jetpack | 𝑥 < 8.2.6
automattic | jetpack | 𝑥 < 8.1.4
automattic | jetpack | 𝑥 < 8.0.3
automattic | jetpack | 𝑥 < 7.9.4
automattic | jetpack | 𝑥 < 7.8.4
automattic | jetpack | 𝑥 < 7.7.6
automattic | jetpack | 𝑥 < 7.6.4
automattic | jetpack | 𝑥 < 7.5.7
automattic | jetpack | 𝑥 < 7.4.5
automattic | jetpack | 𝑥 < 7.3.5
automattic | jetpack | 𝑥 < 7.2.5
automattic | jetpack | 𝑥 < 7.1.5
automattic | jetpack | 𝑥 < 7.0.5
automattic | jetpack | 𝑥 < 6.9.4
automattic | jetpack | 𝑥 < 6.8.5
automattic | jetpack | 𝑥 < 6.7.4
automattic | jetpack | 𝑥 < 6.6.5
automattic | jetpack | 𝑥 < 6.5.4
automattic | jetpack | 𝑥 < 6.4.6
automattic | jetpack | 𝑥 < 6.3.7
automattic | jetpack | 𝑥 < 6.2.5
automattic | jetpack | 𝑥 < 6.1.5
automattic | jetpack | 𝑥 < 6.0.4
automattic | jetpack | 𝑥 < 5.9.4
automattic | jetpack | 𝑥 < 5.8.4
automattic | jetpack | 𝑥 < 5.7.5
automattic | jetpack | 𝑥 < 5.6.5
automattic | jetpack | 𝑥 < 5.5.5
automattic | jetpack | 𝑥 < 5.4.4
automattic | jetpack | 𝑥 < 5.3.4
automattic | jetpack | 𝑥 < 5.2.5
automattic | jetpack | 𝑥 < 5.1.4
automattic | jetpack | 𝑥 < 5.0.3
automattic | jetpack | 𝑥 < 4.9.3
automattic | jetpack | 𝑥 < 4.8.5
automattic | jetpack | 𝑥 < 4.7.4
automattic | jetpack | 𝑥 < 4.6.3
automattic | jetpack | 𝑥 < 4.5.3
automattic | jetpack | 𝑥 < 4.4.5
automattic | jetpack | 𝑥 < 4.3.5
automattic | jetpack | 𝑥 < 4.2.5
automattic | jetpack | 𝑥 < 4.1.4
automattic | jetpack | 𝑥 < 4.0.7
automattic | jetpack | 𝑥 < 3.9.10
automattic | jetpack | 13.1 ≤ 𝑥 < 13.1.4
automattic | jetpack | 13.2 ≤ 𝑥 < 13.2.3
automattic | jetpack | 13.3 ≤ 𝑥 < 13.3.2
automattic | jetpack | 13.4 ≤ 𝑥 < 13.4.4
automattic | jetpack | 13.8 ≤ 𝑥 < 13.8.2
automattic | jetpack | 13.0
automattic | jetpack | 13.5
automattic | jetpack | 13.6
automattic | jetpack | 13.7
automattic | jetpack | 13.9