cleantalk
Vulnerabilities and Security Researches

Jetpack – WP Security, Backup, Speed, & Growth, CVE-2024-10075

CVE, Research URL

CVE-2024-10075

Home page URL

Security reports for Jetpack – WP Security, Backup, Speed, & Growth

Application

Jetpack – WP Security, Backup, Speed, & Growth

Published on
May 16, 2025
Research Description
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.
Affected versions
Min -, max 13.8.
Status
vulnerable
Previous vulnerability researches
Action Network (CVE-2024-2954) , Jun 07, 2024
Action Network (CVE-2024-25921) , Jun 07, 2024
Action Network (CVE-2024-12394) , Jan 10, 2025
New vulnerability
Countdown Timer for WordPress Block Editor (CVE-2024-10631) , May 17, 2025
WP DeskLite – Helpdesk and Support Plugin (CVE-2024-12724) , May 17, 2025
JSFiddle Shortcode (CVE-2024-10818) , May 17, 2025
Panorama – WordPress Project Management Plugin (CVE-2024-11843) , May 17, 2025
The GDPR Framework By Data443 (CVE-2024-13621) , May 17, 2025