← volver
CVE-2024-10858

Jetpack 13.0-14.0 - Unauthenticated DOM-XSS

CVSS 6.1 MEDIUMEPSS 0.3%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
25 dic 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Jetpack