Skip to main content

Jetpack CVE-2023-47774

MEDIUM
Improper Restriction of Rendered UI Layers or Frames (CWE-1021)
2024-04-24 audit@patchstack.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 24, 2024 - 16:15 cve.org
MEDIUM 5.4

DescriptionCVE.org

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

AnalysisAI

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-1021. Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.7. Affected products include: Automattic Jetpack. Version information: before 12.7..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2023-2996 HIGH POC
8.8 Jun 27

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above t

CVE-2023-45050 MEDIUM POC
6.5 Nov 30

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack

CVE-2023-54332 MEDIUM POC
6.1 Jan 13

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject ma

CVE-2024-10858 MEDIUM POC
6.1 Dec 25

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing

CVE-2024-10075 MEDIUM POC
5.6 May 15

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to

CVE-2021-24374 MEDIUM POC
5.3 Jun 21

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image ga

CVE-2024-9926 MEDIUM POC
4.3 Nov 07

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated

CVE-2024-4392 MEDIUM
6.4 May 14

The Jetpack - WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2024-10076 MEDIUM
5.9 May 15

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerato

CVE-2014-0173 MEDIUM
5.8 Apr 22

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3

Share

CVE-2023-47774 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy