Impact
Unauthenticated sensitive data exposure in JetBlog versions up to and including 2.4.8 allows any visitor to retrieve confidential information protected by the plugin. The vulnerability originates from improper data handling within the plugin, identified as CWE-1258. Exposing private data can compromise confidentiality and may open the door for additional compromise of the website.
Affected Systems
Jetimpex Inc. JetBlog plugin versions 2.4.8 and earlier. Administrators using these versions are affected; upgrading to 2.4.8.1 or later removes the flaw.
Risk and Exploitability
The CVSS score of 7.5 indicates high potential impact. EPSS is not available. Based on the description, it is inferred that the flaw can be triggered remotely via normal traffic to the WordPress site without the need for user authentication. Because it is not listed in CISA's KEV catalog, there is no evidence of current widespread exploitation.
OpenCVE Enrichment