Description
WordPress plugin Jetpack version 2.9.3 contains a critical security update, and you should update your site as soon as possible.
During an internal security audit, the Jetpack team found a bug that allows an attacker to bypass a site's access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.
All Jetpack versions from 1.9 until 2.9.2 (inclusive) are vulnerable.
Remediation
Upgrade to the latest version of Jetpack.
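To find installs that still need the upgrade, the following added example (not part of the original advisory or of Jetpack's own code) walks a directory tree, reads each Jetpack copy's `Version:` plugin header and flags versions in the affected range of 1.9 through 2.9.2. It assumes the standard `wp-content/plugins/jetpack/jetpack.php` layout; the sample header and the function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Range stated in the advisory: 1.9 through 2.9.2 inclusive; 2.9.3 carries the fix.
FIRST_VULNERABLE = (1, 9, 0)
LAST_VULNERABLE = (2, 9, 2)

# Same shape as a WordPress plugin header line, e.g. " * Version: 2.9.2".
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample header, not copied from a real Jetpack release.
SAMPLE_HEADER = """<?php
/*
 * Plugin Name: Jetpack by WordPress.com
 * Version: 2.9.2
 */
"""

def header_version(php_source):
    """Return the Version header from the top of a plugin main file, or None."""
    match = VERSION_HEADER.search(php_source[:8192])
    return match.group(1) if match else None

def is_vulnerable(version):
    """True/False for a readable version string, None when it cannot be parsed."""
    numbers = []
    for piece in (version or "").split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break  # stop at suffixes such as "-beta1"
        numbers.append(int(digits.group()))
    if not numbers:
        return None
    padded = tuple(numbers) + (0,) * (3 - len(numbers))  # "1.9" -> (1, 9, 0)
    return FIRST_VULNERABLE <= padded <= LAST_VULNERABLE

def audit(root):
    """List (path, version, vulnerable) for each Jetpack copy found below root."""
    findings = []
    for main_file in sorted(Path(root).rglob("wp-content/plugins/jetpack/jetpack.php")):
        version = header_version(main_file.read_text(encoding="utf-8", errors="replace"))
        findings.append((str(main_file), version, is_vulnerable(version)))
    return findings

if __name__ == "__main__":
    for path, version, vulnerable in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, version, {True: "VULNERABLE", False: "ok", None: "unknown"}[vulnerable], sep="\t")
```

Run it with the web root as the only argument; a result of `unknown` means the header could not be read and the copy should be checked by hand.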