CVE-2014-0173

Name of the Vulnerable Software and Affected Versions Jetpack plugin versions 1.9 through 1.9.3 Jetpack plugin versions 2.0.x through 2.0.8 Jetpack plugin versions 2.1.x through 2.1.3 Jetpack plugin versions 2.2.x through 2.2.6 Jetpack plugin versions 2.3.x through 2.3.6 Jetpack plugin versions 2.4.x through 2.4.3 Jetpack plugin versions 2.5.x through 2.5.1 Jetpack plugin versions 2.6.x through 2.6.2 Jetpack plugin versions 2.7.x through 2.7.1 Jetpack plugin versions 2.8.x through 2.8.1 Jetpack plugin versions 2.9.x through 2.9.2

Description The issue allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors due to improper access restriction to the XML-RPC service.

Recommendations For Jetpack plugin versions 1.9 through 1.9.3, update to version 1.9.4 or later. For Jetpack plugin versions 2.0.x through 2.0.8, update to version 2.0.9 or later. For Jetpack plugin versions 2.1.x through 2.1.3, update to version 2.1.4 or later. For Jetpack plugin versions 2.2.x through 2.2.6, update to version 2.2.7 or later. For Jetpack plugin versions 2.3.x through 2.3.6, update to version 2.3.7 or later. For Jetpack plugin versions 2.4.x through 2.4.3, update to version 2.4.4 or later. For Jetpack plugin versions 2.5.x through 2.5.1, update to version 2.5.2 or later. For Jetpack plugin versions 2.6.x through 2.6.2, update to version 2.6.3 or later. For Jetpack plugin versions 2.7.x through 2.7.1, update to version 2.7.2 or later. For Jetpack plugin versions 2.8.x through 2.8.1, update to version 2.8.2 or later. For Jetpack plugin versions 2.9.x through 2.9.2, update to version 2.9.3 or later.