WordPress Jetpack plugin < 3.4.8 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack Boost versions 3.4.8...

CVE-2024-10076 Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and abo...