CVE-2021-24374
Published 2021-06-21
Priority P4 · 27 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 1.49% (70.9th percentile)
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | jetpack | < 9.8 | 9.8 |
| automattic | jetpack | >= 0 < 9.8 | 9.8 |
CVSS provenance
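| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |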
GHSA
JetPack Exposure of Resource to Wrong Sphere
ghsa·2022-05-24
CVE-2021-24374 [MEDIUM] CWE-284 JetPack Exposure of Resource to Wrong Sphere
OSV
JetPack Exposure of Resource to Wrong Sphere
osv·2022-05-24
CVE-2021-24374 [MEDIUM] JetPack Exposure of Resource to Wrong Sphere
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33