CVE-2014-0173Jetpack vulnerability

CWE-2643 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.7%
top 28.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Jetpack
Timeline
PublishedApr 22
Latest updateMay 17

Description

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDautomattic/jetpack35 versions+34

🔴Vulnerability Details

2
GHSA
GHSA-pvqr-gxgx-gfxh: The Jetpack plugin before 12022-05-17
CVEList
CVE-2014-0173: The Jetpack plugin before 12014-04-21
CVE-2014-0173 — Automattic Jetpack vulnerability | cvebase