CVE-2024-9926 Vulnerability Details

  /     /     /  

CVE-2024-9926 Metadata Quick Info

CVE Published: 07/11/2024 | CVE Updated: 07/11/2024 | CVE Year: 2024
Source: WPScan | Vendor: Unknown | Product: Jetpack
Status : PUBLISHED

CVE-2024-9926 Description

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-863 Incorrect Authorization
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: