Remote Access Vulnerability in Jetpack Plugin for WordPress
CVE-2014-0173

Currently unrated

Key Information:

Vendor

Wordpress
Status
Jetpack
Vendor
CVE Published:
22 April 2014

What is CVE-2014-0173?

The Jetpack plugin for WordPress, in versions prior to 1.9 and various updates leading to 2.9.3, has an access control vulnerability that fails to adequately secure the XML-RPC service. This flaw enables remote attackers to bypass existing restrictions, thereby allowing unauthorized users to publish posts through unconfirmed methods. This situation potentially exposes numerous WordPress installations to unwanted content manipulation and other security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://jetpack.me/2014/04/10/jetpack-security-update/
x_refsource_CONFIRM
http://www.securityfocus.com/bid/66789
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/92560
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.