Primary

Context

Jetpack WordPress Plugin Unauthenticated Arbitrary Block and Shortcode Execution Vulnerability

Vulnerability

Patched

A vulnerability exists in the Jetpack WordPress plugin in versions prior to 13.8. The issue arises because the plugin does not properly restrict access to posts created by the Contact Form, potentially allowing unauthenticated users to execute arbitrary shortcodes and blocks.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of shortcodes and blocks by unauthenticated users.

Remediation

Users are advised to update the Jetpack WordPress plugin to version 13.8 or later.

Added: Jun 5, 2025, 11:35 PM

Updated: Jun 6, 2025, 12:09 AM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

1.3

exploitability

8.9

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

1.3

exploitability

8.9

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Jetpack WordPress Plugin Unauthenticated Arbitrary Block and Shortcode Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Jetpack

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating