CVE-2023-47774 - Vulnerability Details - OpenCVE

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00041.

Key SSVC decision points have not yet been added.

Vendors	Products
Automattic	Jetpack
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Automattic	Jetpack
Wordpress	Wordpress

References

Link	Providers
https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve

History

Tue, 28 Apr 2026 18:30:00 +0000

Type	Values Removed	Values Added
Description	Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.	Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

Thu, 22 Jan 2026 13:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:automattic:jetpack::::::wordpress::*

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00043}`	epss `{'score': 0.00044}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-04-24T15:58:40.432Z

Updated: 2026-04-28T16:08:51.813Z

Reserved: 2023-11-09T21:00:01.699Z

Link: CVE-2023-47774

Vulnrichment

Updated: 2024-08-02T21:16:43.660Z

NVD

Status : Modified

Published: 2024-04-24T16:15:08.107

Modified: 2026-04-28T19:22:00.563

Link: CVE-2023-47774

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-13T21:07:21Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-47774", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-11-09T21:00:01.699Z", "datePublished": "2024-04-24T15:58:40.432Z", "dateUpdated": "2026-04-28T16:08:51.813Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "jetpack", "product": "Jetpack", "vendor": "Automattic", "versions": [{"changes": [{"at": "12.7", "status": "unaffected"}], "lessThan": "12.7", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.<p>This issue affects Jetpack: from n/a before 12.7.</p>"}], "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7."}], "impacts": [{"capecId": "CAPEC-103", "descriptions": [{"lang": "en", "value": "CAPEC-103 Clickjacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:08:51.813Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 12.7 or a higher version."}], "value": "Update to 12.7 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T18:30:02.309416Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"], "vendor": "automattic", "product": "jetpack", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:46.541Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.660Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:16:43.660Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47774", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-25T18:30:02.309416Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*"], "vendor": "automattic", "product": "jetpack", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-25T18:31:37.327Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "impacts": [{"capecId": "CAPEC-103", "descriptions": [{"lang": "en", "value": "CAPEC-103 Clickjacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Automattic", "product": "Jetpack", "versions": [{"status": "affected", "changes": [{"at": "12.7", "status": "unaffected"}], "version": "n/a", "lessThan": "12.7", "versionType": "custom"}], "packageName": "jetpack", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 12.7 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 12.7 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.\n\n", "supportingMedia": [{"type": "text/html", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.<p>This issue affects Jetpack: from n/a before 12.7.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1021", "description": "CWE-1021 Improper Restriction of Rendered UI Layers or Frames"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-04-24T15:59:47.815Z"}}}, "cveMetadata": {"cveId": "CVE-2023-47774", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:16:43.660Z", "dateReserved": "2023-11-09T21:00:01.699Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-04-24T15:58:40.432Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:automattic:jetpack:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "51246B21-F755-4190-B250-B17373549958", "versionEndExcluding": "12.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7."}, {"lang": "es", "value": "La restricci\u00f3n inadecuada de las capas o frameworks de la interfaz de usuario renderizados en Automattic Jetpack permite el Clickjacking. Este problema afecta a Jetpack: desde n/a antes de 12.7."}], "id": "CVE-2023-47774", "lastModified": "2026-04-28T19:22:00.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-24T16:15:08.107", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "audit@patchstack.com", "type": "Secondary"}]}