CVE-2024-9926

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
WPScanCNA
---
---
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
automatticjetpack
13.9.1 <
𝑥
< 13.9.1
automatticjetpack
13.8.2 <
𝑥
< 13.8.2
automatticjetpack
13.7.1 <
𝑥
< 13.7.1
automatticjetpack
13.6.1 <
𝑥
< 13.6.1
automatticjetpack
13.5.1 <
𝑥
< 13.5.1
automatticjetpack
13.4.4 <
𝑥
< 13.4.4
automatticjetpack
13.3.2 <
𝑥
< 13.3.2
automatticjetpack
13.2.3 <
𝑥
< 13.2.3
automatticjetpack
13.1.4 <
𝑥
< 13.1.4
automatticjetpack
13.0.1 <
𝑥
< 13.0.1
automatticjetpack
12.9.4 <
𝑥
< 12.9.4
automatticjetpack
12.8.2 <
𝑥
< 12.8.2
automatticjetpack
12.7.2 <
𝑥
< 12.7.2
automatticjetpack
12.6.3 <
𝑥
< 12.6.3
automatticjetpack
12.5.1 <
𝑥
< 12.5.1
automatticjetpack
12.4.1 <
𝑥
< 12.4.1
automatticjetpack
12.3.1 <
𝑥
< 12.3.1
automatticjetpack
12.2.2 <
𝑥
< 12.2.2
automatticjetpack
12.1.2 <
𝑥
< 12.1.2
automatticjetpack
12.0.2 <
𝑥
< 12.0.2
automatticjetpack
11.9.3 <
𝑥
< 11.9.3
automatticjetpack
11.8.6 <
𝑥
< 11.8.6
automatticjetpack
11.7.3 <
𝑥
< 11.7.3
automatticjetpack
11.6.2 <
𝑥
< 11.6.2
automatticjetpack
11.5.3 <
𝑥
< 11.5.3
automatticjetpack
11.4.2 <
𝑥
< 11.4.2
automatticjetpack
11.3.4 <
𝑥
< 11.3.4
automatticjetpack
11.2.2 <
𝑥
< 11.2.2
automatticjetpack
11.1.4 <
𝑥
< 11.1.4
automatticjetpack
11.0.2 <
𝑥
< 11.0.2
automatticjetpack
10.9.3 <
𝑥
< 10.9.3
automatticjetpack
10.8.2 <
𝑥
< 10.8.2
automatticjetpack
10.7.2 <
𝑥
< 10.7.2
automatticjetpack
10.6.2 <
𝑥
< 10.6.2
automatticjetpack
10.5.3 <
𝑥
< 10.5.3
automatticjetpack
10.4.2 <
𝑥
< 10.4.2
automatticjetpack
10.3.2 <
𝑥
< 10.3.2
automatticjetpack
10.2.3 <
𝑥
< 10.2.3
automatticjetpack
10.1.2 <
𝑥
< 10.1.2
automatticjetpack
10.0.2 <
𝑥
< 10.0.2
automatticjetpack
9.9.3 <
𝑥
< 9.9.3
automatticjetpack
9.8.3 <
𝑥
< 9.8.3
automatticjetpack
9.7.3 <
𝑥
< 9.7.3
automatticjetpack
9.6.4 <
𝑥
< 9.6.4
automatticjetpack
9.5.5 <
𝑥
< 9.5.5
automatticjetpack
9.4.4 ≤
𝑥
≤ 9.4.4
automatticjetpack
9.3.5 <
𝑥
< 9.3.5
automatticjetpack
9.2.4 <
𝑥
< 9.2.4
automatticjetpack
9.1.3 <
𝑥
< 9.1.3
automatticjetpack
9.0.5 <
𝑥
< 9.0.5
automatticjetpack
8.9.4 <
𝑥
< 8.9.4
automatticjetpack
8.8.5 <
𝑥
< 8.8.5
automatticjetpack
8.7.4 <
𝑥
< 8.7.4
automatticjetpack
8.6.4 <
𝑥
< 8.6.4
automatticjetpack
8.5.3 <
𝑥
< 8.5.3
automatticjetpack
8.4.5 <
𝑥
< 8.4.5
automatticjetpack
8.3.3 <
𝑥
< 8.3.3
automatticjetpack
8.2.6 <
𝑥
< 8.2.6
automatticjetpack
8.1.4 <
𝑥
< 8.1.4
automatticjetpack
8.0.3 <
𝑥
< 8.0.3
automatticjetpack
7.9.4 <
𝑥
< 7.9.4
automatticjetpack
7.8.4 <
𝑥
< 7.8.4
automatticjetpack
7.7.6 <
𝑥
< 7.7.6
automatticjetpack
7.6.4 <
𝑥
< 7.6.4
automatticjetpack
7.5.7 <
𝑥
< 7.5.7
automatticjetpack
7.4.5 <
𝑥
< 7.4.5
automatticjetpack
7.3.5 <
𝑥
< 7.3.5
automatticjetpack
7.2.5 <
𝑥
< 7.2.5
automatticjetpack
7.1.5 <
𝑥
< 7.1.5
automatticjetpack
7.0.5 <
𝑥
< 7.0.5
automatticjetpack
6.9.4 <
𝑥
< 6.9.4
automatticjetpack
6.8.5 <
𝑥
< 6.8.5
automatticjetpack
6.7.4 <
𝑥
< 6.7.4
automatticjetpack
6.6.5 <
𝑥
< 6.6.5
automatticjetpack
6.5.4 <
𝑥
< 6.5.4
automatticjetpack
6.4.6 <
𝑥
< 6.4.6
automatticjetpack
6.3.7 <
𝑥
< 6.3.7
automatticjetpack
6.2.5 <
𝑥
< 6.2.5
automatticjetpack
6.1.5 <
𝑥
< 6.1.5
automatticjetpack
6.0.4 <
𝑥
< 6.0.4
automatticjetpack
5.9.4 <
𝑥
< 5.9.4
automatticjetpack
5.8.4 <
𝑥
< 5.8.4
automatticjetpack
5.7.5 <
𝑥
< 5.7.5
automatticjetpack
5.6.5 <
𝑥
< 5.6.5
automatticjetpack
5.5.5 <
𝑥
< 5.5.5
automatticjetpack
5.4.4 <
𝑥
< 5.4.4
automatticjetpack
5.3.4 <
𝑥
< 5.3.4
automatticjetpack
5.2.5 <
𝑥
< 5.2.5
automatticjetpack
5.1.4 <
𝑥
< 5.1.4
automatticjetpack
5.0.3 <
𝑥
< 5.0.3
automatticjetpack
4.9.3 <
𝑥
< 4.9.3
automatticjetpack
4.8.5 <
𝑥
< 4.8.5
automatticjetpack
4.7.4 <
𝑥
< 4.7.4
automatticjetpack
4.6.3 <
𝑥
< 4.6.3
automatticjetpack
4.5.3 <
𝑥
< 4.5.3
automatticjetpack
4.4.5 <
𝑥
< 4.4.5
automatticjetpack
4.3.5 <
𝑥
< 4.3.5
automatticjetpack
4.2.5 <
𝑥
< 4.2.5
automatticjetpack
4.1.4 <
𝑥
< 4.1.4
automatticjetpack
4.0.7 <
𝑥
< 4.0.7
automatticjetpack
3.9.10 <
𝑥
< 3.9.10
automatticjetpack
13.1 ≤
𝑥
< 13.1.4
automatticjetpack
13.2 ≤
𝑥
< 13.2.3
automatticjetpack
13.3 ≤
𝑥
< 13.3.2
automatticjetpack
13.4 ≤
𝑥
< 13.4.4
automatticjetpack
13.8 ≤
𝑥
< 13.8.2
automatticjetpack
13.0
automatticjetpack
13.5
automatticjetpack
13.6
automatticjetpack
13.7
automatticjetpack
13.9
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/