Description
WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently publish posts via unspecified vectors. WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth versions 1.9.x before 1.9.4, 2.0.x before 2.0.6, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2 and 2.9.x before 2.9.3 are vulnerable; prior versions may also be affected.
Remediation
Update to plugin versions 1.9.4, 2.0.6, 2.1.4, 2.2.7, 2.3.7, 2.4.4, 2.5.2, 2.6.3, 2.7.2, 2.8.2, 2.9.3 or latest
References
Related Vulnerabilities
WordPress Plugin Page Builder:Live Composer Cross-Site Scripting (1.5.22)
WordPress Plugin WP Socializer-Simple & Easy Social Media Share Icons Cross-Site Scripting (2.4.2)
WordPress Plugin Paid Business Listings Blind SQL Injection (1.0.2)
WordPress Plugin Activity Log Cross-Site Scripting (2.3.1)
WordPress Plugin wpShopGermany Free Arbitrary File Upload (4.0.10)