Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-47774

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 6 months ago

WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

References

https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… vdb-entry
https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… vdb-entry
https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… vdb-entry x_transferred

Affected products

jetpack

<12.7
==*

Matching in nixpkgs

pkgs.wordpressPackages.plugins.jetpack

None

nixos-unstable -
- nixpkgs-unstable 14.5

pkgs.wordpressPackages.plugins.jetpack-lite