admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-10076.md

19 lines
962 B
Markdown
Raw Permalink Normal View History

Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### [CVE-2024-10076](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10076)
![](https://img.shields.io/static/v1?label=Product&message=Jetpack%20Boost&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue)
Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brightgreen)
Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00
### Description
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldnt, ultimately making it possible for contributor and above users to perform Stored XSS attacks
### POC
#### Reference
- https://wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink