Description
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently publish posts via unspecified vectors. WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth versions 1.9.x before 1.9.4, 2.0.x before 2.0.6, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2 and 2.9.x before 2.9.3 are vulnerable; prior versions may also be affected.
Remediation
Update to plugin versions 1.9.4, 2.0.6, 2.1.4, 2.2.7, 2.3.7, 2.4.4, 2.5.2, 2.6.3, 2.7.2, 2.8.2, 2.9.3 or latest
References
Related Vulnerabilities
WordPress Plugin WP Instagram-Best Instagram Feeds Cross-Site Scripting (1.0.19)
Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7234)
MySQL CVE-2021-2170 Vulnerability (CVE-2021-2170)
WordPress Plugin MailPoet Newsletters (Previous) Cross-Site Scripting (2.6.19)
WordPress Plugin Audio Player Cross-Site Scripting (2.0.4.5)