Description
Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Published: 2026-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated sensitive data exposure in JetBlog versions up to and including 2.4.8 allows any visitor to retrieve confidential information protected by the plugin. The vulnerability originates from improper data handling within the plugin, identified as CWE-1258. Exposing private data can compromise confidentiality and may open the door for additional compromise of the website.

Affected Systems

Jetimpex Inc. JetBlog plugin versions 2.4.8 and earlier. Administrators using these versions are affected; upgrading to 2.4.8.1 or later removes the flaw.

Risk and Exploitability

The CVSS score of 7.5 indicates high potential impact. EPSS is not available. Based on the description, it is inferred that the flaw can be triggered remotely via normal traffic to the WordPress site without the need for user authentication. Because it is not listed in CISA's KEV catalog, there is no evidence of current widespread exploitation.

Generated by OpenCVE AI on June 18, 2026 at 14:32 UTC.

Remediation

Vendor Solution

Update the WordPress JetBlog Plugin to the latest available version (at least 2.4.8.1).


OpenCVE Recommended Actions

  • Upgrade the JetBlog plugin to version 2.4.8.1 or newer to eliminate the CWE-1258 weakness.
  • After updating, verify that file permissions are correctly set so that no sensitive files are publicly accessible.
  • Deploy monitoring for unauthorized access attempts and apply additional hardening such as restricting access to sensitive directories.

Generated by OpenCVE AI on June 18, 2026 at 14:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Jetimpex Inc.
Jetimpex Inc. jetblog
Wordpress
Wordpress wordpress
Vendors & Products Jetimpex Inc.
Jetimpex Inc. jetblog
Wordpress
Wordpress wordpress

Wed, 17 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 17 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Unauthenticated Sensitive Data Exposure in JetBlog <= 2.4.8 versions.
Title WordPress JetBlog plugin <= 2.4.8 - Sensitive Data Exposure vulnerability
Weaknesses CWE-1258
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Jetimpex Inc. Jetblog
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-17T12:18:26.409Z

Reserved: 2026-06-08T10:11:03.696Z

Link: CVE-2026-52696

cve-icon Vulnrichment

Updated: 2026-06-17T12:18:19.903Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-20T23:03:53Z

Weaknesses
  • CWE-1258

    Exposure of Sensitive System Information Due to Uncleared Debug Information