CVE-2024-9926 Vulnerability Details
/
/
/
CVE-2024-9926 Metadata Quick Info
CVE Published: 07/11/2024 |
CVE Updated: 07/11/2024 |
CVE Year: 2024
Source: WPScan |
Vendor: Unknown |
Product: Jetpack
Status : PUBLISHED
CVE-2024-9926 Description
The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form
Metrics
CVSS Version: 3.1 |
Base Score: n/a
Vector: n/a
l➤ Exploitability Metrics:
Attack Vector (AV)*
Attack Complexity (AC)*
Privileges Required (PR)*
User Interaction (UI)*
Scope (S)*
l➤ Impact Metrics:
Confidentiality Impact (C)*
Integrity Impact (I)*
Availability Impact (A)*
Weakness Enumeration (CWE)
CWE-ID:
CWE Name: CWE-863 Incorrect Authorization
Source: Unknown
Common Attack Pattern Enumeration and Classification (CAPEC)
CAPEC-ID:
CAPEC Description: