CVE-2026-52696

WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability

CVSS 7.5 HIGHEPSS 0.2%CWE-1258

In short

The JetBlog plugin for WordPress versions 2.4.8 and earlier allows anyone to access sensitive information without needing to log in, exposing data that should be private.

Technical detail

An unauthenticated attacker can exploit insufficient access controls in JetBlog <= 2.4.8 to retrieve sensitive data through direct requests, potentially exposing private content or configuration details without requiring user authentication.

Summary generated and translated by AI from the official description.

Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Jetimpex Inc. · JetBlog

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/wordpress/plugin/jet-blog/vulnerability/wordpress-jetblog-plugin-2-4-8-sensitive-data-exposure-vulnerability?_s_id=cve