First published: Mon Jun 21 2021(Updated: )
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
Credit: contact@wpscan.com contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Jetpack | <9.8 | |
composer/automattic/jetpack | <9.8 | 9.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-24374.
The severity of CVE-2021-24374 is medium with a CVSS score of 5.3.
The affected software is JetPack WordPress plugin version up to 9.8.
CVE-2021-24374 is a security vulnerability in the Jetpack Carousel module of the JetPack WordPress plugin before 9.8 that allows users to create a "carousel" type image gallery and allows users to comment on the images.
Yes, the fix for CVE-2021-24374 is provided in JetPack WordPress plugin version 9.8.