CVE-2024-10858: Jetpack 13.0-14.0 - Unauthenticated DOM-XSS

Vendor: Unknown
Product: Jetpack
Published: December 25, 2024
Last update: December 26, 2024

CVSS base score

What the vulnerability does

Description

The Jetpack WordPress plugin before 14.1 does not properly check the postMessage origin in its 13.x versions, allowing the check to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

Key dates

Disclosure timeline

December 25, 2024: CVE published
December 26, 2024: Record updated