CVE-2021-24374

CVE-2021-24374: Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak

Vendor Automattic

Product Jetpack – WP Security, Backup, Speed, & Growth

Weakness CWE-639 · IDOR

Published June 21, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

Key dates

Disclosure timeline

June 21, 2021 CVE published

August 3, 2024 Record updated