How severe is CVE-2024-10858?

CVE-2024-10858 has a CVSS v3 score of 6.1 (MEDIUM).

CVE-2024-10858

Name: jetpack
Author: automattic

6.1MEDIUM

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hoste

Published: 12/25/2024Updated: 5/14/2025

Description

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

AI AnalysisPowered by AI

Affected Products

automatticjetpack

References

https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/
ExploitThird Party Advisory
https://wpscan.com/vulnerability/7fecba37-d718-4dd4-89f3-285fb36a4165/
ExploitThird Party Advisory