Remote Access Vulnerability in Jetpack Plugin for WordPress
CVE-2014-0173

Currently unrated

Key Information:

Vendor: Wordpress
Status: Jetpack
Vendor: CVE Published:; 22 April 2014

Summary

The Jetpack plugin for WordPress, in versions prior to 1.9 and various updates leading to 2.9.3, has an access control vulnerability that fails to adequately secure the XML-RPC service. This flaw enables remote attackers to bypass existing restrictions, thereby allowing unauthorized users to publish posts through unconfirmed methods. This situation potentially exposes numerous WordPress installations to unwanted content manipulation and other security risks.

References

http://jetpack.me/2014/04/10/jetpack-security-update/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/66789

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/92560

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Apr 22, 2014
Vulnerability Reserved
Dec 3, 2013