Description
WordPress plugin Jetpack version 2.9.3 contains a critical security update, and you should update your site as soon as possible.
During an internal security audit, the Jetpack team found a bug that allows an attacker to bypass a site's access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012.
All Jetpack versions from 1.9 until 2.9.2 (inclusive) are vulnerable.
Remediation
Upgrade to the latest version of Jetpack.