Description
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth version 9.7.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 9.8 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:08A8A51C-49D3-4BCE-B7E0-E365AF1D8F33
https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
Related Vulnerabilities
MongoDb Reachable Assertion Vulnerability (CVE-2021-32037)
WordPress Plugin WooCommerce BuddyPress Integration Security Bypass (3.2.5)
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-8184)
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3586)