Lucene search
K

472 matches found

Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.10 views

CVE-2024-10076 Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and abo...

5.9AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 8:6 p.m.77 views

CVE-2024-10075

The CVE-2024-10075 entry concerns the WordPress Jetpack plugin (pre-13.8). The vulnerability arises from insufficient access control on posts created by the Contact Form, allowing unauthenticated users to access those posts and potentially execute arbitrary shortcodes. The underlying impact is th...

5.6CVSS7AI score0.00334EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/15 8:6 p.m.7 views

CVE-2024-10075 Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block...

6.7AI score0.00334EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:6 p.m.35 views

CVE-2024-10076

The CVE-2024-10076 issue affects Jetpack WordPress plugin versions prior to 13.8 and Jetpack Boost prior to 3.4.8. The root cause is regexes used in the Site Accelerator feature when switching image URLs to the CDN, which may match patterns it shouldn’t, enabling Stored XSS by contributor+ users....

5.9CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2025/05/15 7:15 p.m.21 views

CVE-2024-56006

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS0.00267EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/15 6:24 p.m.11 views

CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS7.2AI score0.00267EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/15 6:24 p.m.20 views

CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...

5.3CVSS0.00267EPSS
Exploits0References1
CVE
CVE
added 2025/05/15 6:24 p.m.37 views

CVE-2024-56006

CVE-2024-56006 is a Missing Authorization (Broken Access Control) vulnerability in Automattic Jetpack Debug Tools for WordPress. Affected versions are prior to 2.0.1; the issue enables unauthenticated access to the Jetpack Debug Tools functionality. The CVSS base score is 5.3 (Network attack, no ...

5.3CVSS8.6AI score0.00267EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/15 6:22 p.m.8 views

WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Jetpack Debug Tools versions 2.0.1...

5.3CVSS8.3AI score0.00267EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.4 views

PT-2025-21394 · WordPress · Jetpack

Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 13.8 Description: The issue concerns the Jetpack WordPress plugin, where posts created by the Contact Form are not properly restricted to authorized users. This could allow unauthenticated users to...

5.6CVSS6AI score0.00334EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.7 views

PT-2025-21378 · WordPress · The Better Follow Button For Jetpack

Name of the Vulnerable Software and Affected Versions: The Better Follow Button for Jetpack WordPress plugin versions through 8.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not...

4.8CVSS7.9AI score0.00255EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.6 views

PT-2025-21395 · WordPress · Jetpack +1

Name of the Vulnerable Software and Affected Versions: Jetpack WordPress plugin versions prior to 13.8 Jetpack Boost WordPress plugin versions prior to 3.4.8 Description: The issue concerns the use of regexes in the Site Accelerator features of the Jetpack and Jetpack Boost WordPress plugins when...

5.9CVSS5.4AI score0.00274EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/15 12:0 a.m.7 views

PT-2025-21353 · Automattic · Jetpack Debug Tools

Name of the Vulnerable Software and Affected Versions: Automattic Jetpack Debug Tools version prior to 2.0.1 Description: A Missing Authorization issue affects the Jetpack Debug Tools, allowing potential unauthorized access. Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or...

5.3CVSS6.2AI score0.00267EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Jetpack Boost 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.1CVSS6.7AI score0.00468EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.8 views

WordPress plugin Jetpack Debug Tools 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.4AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

WordPress plugin Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.6CVSS5.9AI score0.00334EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Better Follow Button for Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.8CVSS8.1AI score0.00255EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.6 views

WordPress plugin Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

5.9CVSS5.5AI score0.00274EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/04/23 5:16 a.m.3 views

Malicious code in gombot-crypto-jetpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba48695fbf778c02bb57cfbc2de9ca50fd3023213aeaa67d6620451bf15d9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2025/04/23 5:16 a.m.0 views

MAL-2025-3287 Malicious code in gombot-crypto-jetpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ba48695fbf778c02bb57cfbc2de9ca50fd3023213aeaa67d6620451bf15d9463 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder