472 matches found
CVE-2024-10076 Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and abo...
CVE-2024-10075
The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...
CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution
The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...
CVE-2024-10076
The CVE-2024-10076 issue affects Jetpack WordPress plugin versions prior to 13.8 and Jetpack Boost prior to 3.4.8. The root cause is regexes used in the Site Accelerator feature when switching image URLs to the CDN, which may match patterns it shouldn’t, enabling Stored XSS by contributor+ users....
CVE-2024-56006
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-56006
CVE-2024-56006 is a Missing Authorization (Broken Access Control) vulnerability in Automattic Jetpack Debug Tools for WordPress. Affected versions are prior to 2.0.1; the issue enables unauthenticated access to the Jetpack Debug Tools functionality. The CVSS base score is 5.3 (Network attack, no ...
WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Jetpack Debug Tools versions 2.0.1...
PT-2025-21394 · WordPress · Jetpack
Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 13.8 Description: The issue concerns the Jetpack WordPress plugin, where posts created by the Contact Form are not properly restricted to authorized users. This could allow unauthenticated users to...
PT-2025-21378 · WordPress · The Better Follow Button For Jetpack
Name of the Vulnerable Software and Affected Versions: The Better Follow Button for Jetpack WordPress plugin versions through 8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not...
PT-2025-21395 · WordPress · Jetpack +1
Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 13.8 Jetpack Boost WordPress plugin versions prior to 3.4.8 Description: The issue concerns the use of regexes in the Site Accelerator features of the Jetpack and Jetpack Boost WordPress plugins when...
PT-2025-21353 · Automattic · Jetpack Debug Tools
Name of the Vulnerable Software and Affected Versions: Automattic Jetpack Debug Tools version prior to 2.0.1 Description: A Missing Authorization issue affects the Jetpack Debug Tools, allowing potential unauthorized access. Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or...
WordPress plugin Jetpack Boost 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Jetpack Debug Tools 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Jetpack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Better Follow Button for Jetpack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Jetpack 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
Malicious code in gombot-crypto-jetpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba48695fbf778c02bb57cfbc2de9ca50fd3023213aeaa67d6620451bf15d9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3287 Malicious code in gombot-crypto-jetpack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba48695fbf778c02bb57cfbc2de9ca50fd3023213aeaa67d6620451bf15d9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...