CVE-2024-10075

Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 13.8

Description: The issue concerns the Jetpack WordPress plugin, where posts created by the Contact Form are not properly restricted to authorized users. This could allow unauthenticated users to execute arbitrary shortcodes and block them.

Recommendations: For versions prior to 13.8, update to version 13.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the Contact Form and its created posts to minimize the risk of exploitation.