CVE-2024-9926

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 7, 2024
Updated: Nov 8, 2024

Summary

CVE-2024-9926 is a vulnerability affecting the Jetpack WordPress plugin. This issue stems from insufficient authorization in one of its REST endpoints. authenticated users, including subscribers, can exploit this flaw to access arbitrary feedback data sent via the Jetpack Contact Form. This vulnerability poses a significant risk for websites using the Jetpack plugin and could potentially lead to information disclosure. It is recommended that users update to the latest version of the Jetpack plugin to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share