Vulnerability Description
The Jetpack Carousel module of the Jetpack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability found within the Jetpack Carousel module by nguyenhg_vcs allowed the comments of non-published pages/posts to be leaked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Automattic | Jetpack | < 9.8 |
Related Weaknesses (CWE)
References
- https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-s (Release Notes, Vendor Advisory)
- https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-24374?
CVE-2021-24374 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Jetpack Carousel module of the Jetpack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was fo...
How severe is CVE-2021-24374?
CVE-2021-24374 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24374?
Check the references section above for vendor advisories and patch information. Affected products include: Automattic Jetpack.