CVE-2026-5191

The Tiled Gallery Carousel Without JetPack plugin for WordPress is vulnerable to stored cross-site scripting via the 'data-image-title' parameter in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting (XSS) vulnerability in grunion-form-view.php via the post_id parameter. Unauthenticated attackers can craft URLs with script payloads in post_id to execute arbitrary JavaScript in victims’ browsers. A public exploit exists per...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

WordPress plugin Jetpack 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...

EUVD-2025-163768

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through = 7.3.2...

CVE-2025-64196

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Reflected XSS.This issue affects Booster for WooCommerce: from n/a through = 7.2.5...

EUVD-2016-1705

Malware in sbrugna...

EUVD-2014-0226

Malware in sbrugna...

EUVD-2018-13503

Malware in sbrugna...

EUVD-2016-1706

Malware in sbrugna...

EUVD-2011-4591

Malware in sbrugna...

EUVD-2015-9199

Malware in sbrugna...

EUVD-2024-44025

Malicious code in bioql PyPI...

EUVD-2024-32508

Malicious code in bioql PyPI...

CVE-2024-4392

The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

CVE-2016-10706

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link...

CVE-2015-9359

The Jetpack plugin before 3.4.3 for WordPress has XSS via addqueryarg and removequeryarg...

CVE-2024-10076

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and abo...