CVE-2024-9926

EUVD-2024-50216
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
automatticjetpack
13.1 ≤
𝑥
< 13.1.4
automatticjetpack
13.2 ≤
𝑥
< 13.2.3
automatticjetpack
13.3 ≤
𝑥
< 13.3.2
automatticjetpack
13.4 ≤
𝑥
< 13.4.4
automatticjetpack
13.8 ≤
𝑥
< 13.8.2
automatticjetpack
13.0
automatticjetpack
13.5
automatticjetpack
13.6
automatticjetpack
13.7
automatticjetpack
13.9
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
automatticjetpack
13.9 ≤
𝑥
< 13.9.1
ADP
automatticjetpack
13.8 ≤
𝑥
< 13.8.2
ADP
automatticjetpack
13.7 ≤
𝑥
< 13.7.1
ADP
automatticjetpack
13.6 ≤
𝑥
< 13.6.1
ADP
automatticjetpack
13.5 ≤
𝑥
< 13.5.1
ADP
automatticjetpack
13.4 ≤
𝑥
< 13.4.4
ADP
automatticjetpack
13.3 ≤
𝑥
< 13.3.2
ADP
automatticjetpack
13.2 ≤
𝑥
< 13.2.3
ADP
automatticjetpack
13.1 ≤
𝑥
< 13.1.4
ADP
automatticjetpack
13.0 ≤
𝑥
< 13.0.1
ADP
automatticjetpack
12.9 ≤
𝑥
< 12.9.4
ADP
automatticjetpack
12.8 ≤
𝑥
< 12.8.2
ADP
automatticjetpack
12.7 ≤
𝑥
< 12.7.2
ADP
automatticjetpack
12.6 ≤
𝑥
< 12.6.3
ADP
automatticjetpack
12.5 ≤
𝑥
< 12.5.1
ADP
automatticjetpack
12.4 ≤
𝑥
< 12.4.1
ADP
automatticjetpack
12.3 ≤
𝑥
< 12.3.1
ADP
automatticjetpack
12.2 ≤
𝑥
< 12.2.2
ADP
automatticjetpack
12.1 ≤
𝑥
< 12.1.2
ADP
automatticjetpack
12.0 ≤
𝑥
< 12.0.2
ADP
automatticjetpack
11.9 ≤
𝑥
< 11.9.3
ADP
automatticjetpack
11.8 ≤
𝑥
< 11.8.6
ADP
automatticjetpack
11.7 ≤
𝑥
< 11.7.3
ADP
automatticjetpack
11.6 ≤
𝑥
< 11.6.2
ADP
automatticjetpack
11.5 ≤
𝑥
< 11.5.3
ADP
automatticjetpack
11.4 ≤
𝑥
< 11.4.2
ADP
automatticjetpack
11.3 ≤
𝑥
< 11.3.4
ADP
automatticjetpack
11.2 ≤
𝑥
< 11.2.2
ADP
automatticjetpack
11.1 ≤
𝑥
< 11.1.4
ADP
automatticjetpack
11.0 ≤
𝑥
< 11.0.2
ADP
automatticjetpack
10.9 ≤
𝑥
< 10.9.3
ADP
automatticjetpack
10.8 ≤
𝑥
< 10.8.2
ADP
automatticjetpack
10.7 ≤
𝑥
< 10.7.2
ADP
automatticjetpack
10.6 ≤
𝑥
< 10.6.2
ADP
automatticjetpack
10.5 ≤
𝑥
< 10.5.3
ADP
automatticjetpack
10.4 ≤
𝑥
< 10.4.2
ADP
automatticjetpack
10.3 ≤
𝑥
< 10.3.2
ADP
automatticjetpack
10.2 ≤
𝑥
< 10.2.3
ADP
automatticjetpack
10.1 ≤
𝑥
< 10.1.2
ADP
automatticjetpack
10.0 ≤
𝑥
< 10.0.2
ADP
automatticjetpack
9.9 ≤
𝑥
< 9.9.3
ADP
automatticjetpack
9.8 ≤
𝑥
< 9.8.3
ADP
automatticjetpack
9.7 ≤
𝑥
< 9.7.3
ADP
automatticjetpack
9.6 ≤
𝑥
< 9.6.4
ADP
automatticjetpack
9.5 ≤
𝑥
< 9.5.5
ADP
automatticjetpack
9.4 ≤
𝑥
≤ 9.4.4
ADP
automatticjetpack
9.3 ≤
𝑥
< 9.3.5
ADP
automatticjetpack
9.2 ≤
𝑥
< 9.2.4
ADP
automatticjetpack
9.1 ≤
𝑥
< 9.1.3
ADP
automatticjetpack
9.0 ≤
𝑥
< 9.0.5
ADP
automatticjetpack
8.9 ≤
𝑥
< 8.9.4
ADP
automatticjetpack
8.8 ≤
𝑥
< 8.8.5
ADP
automatticjetpack
8.7 ≤
𝑥
< 8.7.4
ADP
automatticjetpack
8.6 ≤
𝑥
< 8.6.4
ADP
automatticjetpack
8.5 ≤
𝑥
< 8.5.3
ADP
automatticjetpack
8.4 ≤
𝑥
< 8.4.5
ADP
automatticjetpack
8.3 ≤
𝑥
< 8.3.3
ADP
automatticjetpack
8.2 ≤
𝑥
< 8.2.6
ADP
automatticjetpack
8.1 ≤
𝑥
< 8.1.4
ADP
automatticjetpack
8.0 ≤
𝑥
< 8.0.3
ADP
automatticjetpack
7.9 ≤
𝑥
< 7.9.4
ADP
automatticjetpack
7.8 ≤
𝑥
< 7.8.4
ADP
automatticjetpack
7.7 ≤
𝑥
< 7.7.6
ADP
automatticjetpack
7.6 ≤
𝑥
< 7.6.4
ADP
automatticjetpack
7.5 ≤
𝑥
< 7.5.7
ADP
automatticjetpack
7.4 ≤
𝑥
< 7.4.5
ADP
automatticjetpack
7.3 ≤
𝑥
< 7.3.5
ADP
automatticjetpack
7.2 ≤
𝑥
< 7.2.5
ADP
automatticjetpack
7.1 ≤
𝑥
< 7.1.5
ADP
automatticjetpack
7.0 ≤
𝑥
< 7.0.5
ADP
automatticjetpack
6.9 ≤
𝑥
< 6.9.4
ADP
automatticjetpack
6.8 ≤
𝑥
< 6.8.5
ADP
automatticjetpack
6.7 ≤
𝑥
< 6.7.4
ADP
automatticjetpack
6.6 ≤
𝑥
< 6.6.5
ADP
automatticjetpack
6.5 ≤
𝑥
< 6.5.4
ADP
automatticjetpack
6.4 ≤
𝑥
< 6.4.6
ADP
automatticjetpack
6.3 ≤
𝑥
< 6.3.7
ADP
automatticjetpack
6.2 ≤
𝑥
< 6.2.5
ADP
automatticjetpack
6.1 ≤
𝑥
< 6.1.5
ADP
automatticjetpack
6.0 ≤
𝑥
< 6.0.4
ADP
automatticjetpack
5.9 ≤
𝑥
< 5.9.4
ADP
automatticjetpack
5.8 ≤
𝑥
< 5.8.4
ADP
automatticjetpack
5.7 ≤
𝑥
< 5.7.5
ADP
automatticjetpack
5.6 ≤
𝑥
< 5.6.5
ADP
automatticjetpack
5.5 ≤
𝑥
< 5.5.5
ADP
automatticjetpack
5.4 ≤
𝑥
< 5.4.4
ADP
automatticjetpack
5.3 ≤
𝑥
< 5.3.4
ADP
automatticjetpack
5.2 ≤
𝑥
< 5.2.5
ADP
automatticjetpack
5.1 ≤
𝑥
< 5.1.4
ADP
automatticjetpack
5.0 ≤
𝑥
< 5.0.3
ADP
automatticjetpack
4.9 ≤
𝑥
< 4.9.3
ADP
automatticjetpack
4.8 ≤
𝑥
< 4.8.5
ADP
automatticjetpack
4.7 ≤
𝑥
< 4.7.4
ADP
automatticjetpack
4.6 ≤
𝑥
< 4.6.3
ADP
automatticjetpack
4.5 ≤
𝑥
< 4.5.3
ADP
automatticjetpack
4.4 ≤
𝑥
< 4.4.5
ADP
automatticjetpack
4.3 ≤
𝑥
< 4.3.5
ADP
automatticjetpack
4.2 ≤
𝑥
< 4.2.5
ADP
automatticjetpack
4.1.0 ≤
𝑥
< 4.1.4
ADP
automatticjetpack
4.0.0 ≤
𝑥
< 4.0.7
ADP
automatticjetpack
3.9.2 ≤
𝑥
< 3.9.10
ADP
References
https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/