[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fSuUiK7FB6_NFvIYIbQhtFnQ78dDsmIUAmlXwOW54QwI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-2996","jetpack-authenticated-author-arbitrary-file-manipulation","Jetpack \u003C= 12.1 - Authenticated (Author+) Arbitrary File Manipulation","The Jetpack plugin for WordPress is vulnerable to arbitrary file manipulation in versions up to, and including, 12.1. This is due to insufficient validation on data being supplied to the media API endpoint. This makes it possible for authenticated attackers, with author-level permissions and above, to modify arbitrary files in the WordPress Installation.","jetpack",null,">=10.0 \u003C=10.0","10.0.1","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:N","Improper Input Validation","2023-05-30 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F9dfca4cb-71dc-4b2d-bcf3-0ca9f88f88df?source=api-prod",238]