The Jetpack Carousel module allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. Please refer to the Proof of Concept (PoC) of this vulnerability for further technical details.
By changing the "id" parameter of the POST request to a valid media attachment id on a page/post that was not public, it was possible to leak the non-public comments. http://example.com/wp-admin/admin-ajax.php?action=get_attachment_comments&nonce=4aadefa6ee&id=28&offset=0
nguyenhg_vcs
Jetpack Scan
Yes
2021-06-03 (about 2 years ago)
2021-06-03 (about 2 years ago)
2022-01-04 (about 1 years ago)