CVE-2024-10858
Jetpack 13.0-14.0 - Unauthenticated DOM-XSS
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Jetpack¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →