Vulnerability Details : CVE-2014-0173
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score for CVE-2014-0173
Probability of exploitation activity in the next 30 days: 0.46%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-0173
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
8.6
|
4.9
|
NIST |
CWE ids for CVE-2014-0173
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0173
-
http://www.securityfocus.com/bid/66789
WordPress Jetpack Plugin CVE-2014-0173 Security Bypass Vulnerability
-
http://jetpack.me/2014/04/10/jetpack-security-update/
Jetpack 2.9.3: Critical Security UpdateVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/92560
Jetpack plugin for WordPress security bypass CVE-2014-0173 Vulnerability Report
Products affected by CVE-2014-0173
- cpe:2.3:a:automattic:jetpack:2.6:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.1.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:1.9.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:1.9.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.9.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.9:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.0.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.0.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.0.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.6.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.0.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.9.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.9.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.4.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.4.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.2.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.1.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:automattic:jetpack:1.9:*:*:*:*:wordpress:*:*