cleantalk
Vulnerabilities and Security Researches

Jetpack – WP Security, Backup, Speed, & Growth, 162e5bc508a8fca3a94873242e3470bb3364bf22

CVE, Research URL

162e5bc508a8fca3a94873242e3470bb3364bf22

Home page URL

Security reports for Jetpack – WP Security, Backup, Speed, & Growth

Application

Jetpack – WP Security, Backup, Speed, & Growth

Published on
Oct 14, 2024
Research Description
Jetpack &#8211; WP Security, Backup, Speed, &amp; Growth [jetpack] < 13.9.1 Jetpack < 13.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks in the Contact_Form_Endpoint class in various versions version up to, but not including, 13.9.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to read all Jetpack form submissions on the site.
Affected versions
max 13.9.1.
Status
vulnerable
Previous vulnerability researches
Jetpack Feedback Exporter (CVE-2025-32251) , Apr 06, 2025
reCAPTCHA Jetpack (CVE-2025-32494) , Apr 11, 2025
reCAPTCHA Jetpack (CVE-2024-3941) , Jun 07, 2024
reCAPTCHA Jetpack (CVE-2024-3940) , Jun 07, 2024
Tiled Gallery Carousel Without JetPack (CVE-2026-5191) , Jun 03, 2026
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns &amp; Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026