CVE-2014-0173

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published: Apr 22, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-0173
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
automattic / jetpack	2.3.4	2.3.4.x
automattic / jetpack	2.0.4	2.0.4.x
automattic / jetpack	2.1	2.1.x
automattic / jetpack	2.2.2	2.2.2.x
automattic / jetpack	2.3.3	2.3.3.x
automattic / jetpack	2.9.1	2.9.1.x
automattic / jetpack	2.1.2	2.1.2.x
automattic / jetpack	2.4.2	2.4.2.x
automattic / jetpack	2.7	2.7.x
automattic / jetpack	2.9	2.9.x
automattic / jetpack	2.0.1	2.0.1.x
automattic / jetpack	2.4	2.4.x
automattic / jetpack	2.9.3	2.9.3.x
automattic / jetpack	2.3.5	2.3.5.x
automattic / jetpack	2.1.1	2.1.1.x
automattic / jetpack	2.2.4	2.2.4.x
automattic / jetpack	1.9	1.9.x
automattic / jetpack	2.6.1	2.6.1.x
automattic / jetpack	2.0	2.0.x
automattic / jetpack	2.0.3	2.0.3.x
automattic / jetpack	2.2.1	2.2.1.x
automattic / jetpack	2.2	2.2.x
automattic / jetpack	2.3	2.3.x
automattic / jetpack	2.2.5	2.2.5.x
automattic / jetpack	2.3.1	2.3.1.x
automattic / jetpack	1.9.2	1.9.2.x
automattic / jetpack	2.4.1	2.4.1.x
automattic / jetpack	2.3.2	2.3.2.x
automattic / jetpack	2.2.3	2.2.3.x
automattic / jetpack	2.0.2	2.0.2.x
automattic / jetpack	2.9.2	2.9.2.x
automattic / jetpack	2.5	2.5.x
automattic / jetpack	2.6	2.6.x
automattic / jetpack	1.9.1	1.9.1.x
automattic / jetpack	2.8	2.8.x

Vulnerability Database

309,364

CVE-2014-0173

Deep Security Visibility Without the Complexity