PT-2023-22496 · WordPress · Jetpack

Miguel Neto · Published 2023-06-27 · Updated 2023-07-03 · CVE-2023-2996

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 12.1.1

Description: The issue allows users with the Author role or above to manipulate existing files on the site, including deleting arbitrary files. In rare cases it can also lead to remote code execution via phar deserialization, because uploaded files are not validated.

Recommendations: For versions prior to 12.1.1, update to version 12.1.1 or later to resolve the issue. As a temporary workaround, consider restricting file upload capabilities to higher roles until the update can be applied.
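The temporary workaround above, as an added example that is not part of this advisory or of Jetpack's own code: a WordPress must-use plugin that removes the `upload_files` capability from the Author role (and Contributor, if a site has granted it), so only Editor and above can upload until Jetpack is updated. The role names and the `wp-content/mu-plugins/` path are WordPress defaults; the option name and function names are assumptions made for this example.

```php
<?php
/**
 * Plugin Name: Restrict upload_files (temporary workaround for CVE-2023-2996)
 * Description: Added example, not part of Jetpack or of the advisory. Removes the
 * upload_files capability from lower roles until Jetpack is updated to 12.1.1 or
 * later. Place this file in wp-content/mu-plugins/ (WordPress's default mu-plugin
 * directory) so it loads without activation.
 */

// Roles that lose upload_files while the workaround is in place.
// Assumption: the site uses WordPress's default role names.
const RESTRICT_UPLOAD_ROLES = array( 'author', 'contributor' );

// Option used to remember that the change was applied (name is an assumption).
const RESTRICT_UPLOAD_OPTION = 'cve_2023_2996_upload_workaround_applied';

/**
 * Remove upload_files from the listed roles. WP_Role::remove_cap() persists the
 * change in the database, so only roles that still hold the capability are
 * touched; the list of roles actually changed is returned for the site admin.
 */
function restrict_upload_files_workaround() {
    $changed = array();
    foreach ( RESTRICT_UPLOAD_ROLES as $role_name ) {
        $role = get_role( $role_name );
        if ( $role && $role->has_cap( 'upload_files' ) ) {
            $role->remove_cap( 'upload_files' );
            $changed[] = $role_name;
        }
    }
    return $changed;
}

/**
 * Restore the default: give upload_files back to the Author role once Jetpack
 * 12.1.1 or later is installed. Contributor does not have it by default.
 */
function restore_upload_files_workaround() {
    $role = get_role( 'author' );
    if ( $role && ! $role->has_cap( 'upload_files' ) ) {
        $role->add_cap( 'upload_files' );
    }
    delete_option( RESTRICT_UPLOAD_OPTION );
}

// Apply once roles are loaded; skip on later requests because the role change
// is already stored persistently.
add_action( 'init', function () {
    if ( ! get_option( RESTRICT_UPLOAD_OPTION ) ) {
        restrict_upload_files_workaround();
        update_option( RESTRICT_UPLOAD_OPTION, 1 );
    }
} );
```

After updating Jetpack, call `restore_upload_files_workaround()` once (for example from WP-CLI's `wp eval`) and then delete the mu-plugin file.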

Related Identifiers

CVE-2023-2996

Affected Products

Jetpack