CVE-2024-9926 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-9926

CWE

https://cwe.mitre.org/data/definitions/.html

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form

Affected Software

Name	Vendor	Start Version	End Version
Jetpack	Automattic	13.1 (including)	13.1.4 (excluding)
Jetpack	Automattic	13.2 (including)	13.2.3 (excluding)
Jetpack	Automattic	13.3 (including)	13.3.2 (excluding)
Jetpack	Automattic	13.4 (including)	13.4.4 (excluding)
Jetpack	Automattic	13.8 (including)	13.8.2 (excluding)
Jetpack	Automattic	13.0 (including)	13.0 (including)
Jetpack	Automattic	13.5 (including)	13.5 (including)
Jetpack	Automattic	13.6 (including)	13.6 (including)
Jetpack	Automattic	13.7 (including)	13.7 (including)
Jetpack	Automattic	13.9 (including)	13.9 (including)

References

https://wpscan.com/vulnerability/669382af-f836-4896-bdcb-5c6a57c99bd9/