In Jetpack WordPress plugin versions 13.x before 14.1 a medium severity vulnerability CVE-2024-10858 was detected. This vulnerability allows attackers to exploit improper origin checks in the `postMessage` function, leading to DOM-based Cross-Site Scripting (XSS) attacks. To address this issue, users should upgrade to version 14.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10858.
WordPress: DOM-XSS Vulnerability in Jetpack Plugin
by the Hossted team
31.12.2024
31.12.2024