WordPress Plugin Vulnerabilities
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection
Description
The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject iframes in pages that can be used to make users perform actions on untrusted sites.
Affects Plugins
References
Classification
Type
INJECTION
OWASP top 10
CVSS
Miscellaneous
Original Researcher
Rafie Muhammad
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2023-11-16 (about 5 months ago)
Added
2023-11-24 (about 5 months ago)
Last Updated
2023-11-24 (about 5 months ago)