84 matches found
Jetpack 11.4 - Cross Site Scripting (XSS)
Exploit Title: Jetpack 11.4 - Cross Site Scripting XSS Date: 2022-10-19 Author: Behrouz Mansoori Software Link: https://wordpress.org/plugins/jetpack Version: 11.4 Tested on: Mac m1 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and ta...
WordPress Jetpack 9.1 Plugin - Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin Jetpack 9.1 - Cross Site Scripting XSS Author: Milad karimi Software Link: https://wordpress.org/plugins/jetpack Version: 9.1 Tested on: Windows 11 CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab...
PT-2021-15909 · WordPress · Jetpack
Name of the Vulnerable Software and Affected Versions: JetPack WordPress plugin versions prior to 9.8 Description: A security issue was found in the Jetpack Carousel module, which allows users to create image galleries and comment on images. This issue, discovered by nguyenhg vcs, enables the...
WordPress Jetpack plugin cross-site scripting vulnerability (CNVD-2019-30395)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Jetpack is one of the WordPress site security management tools used in it. A cross-site scripting vulnerability exists in the WordPress...
CVE-2015-9359
The Jetpack plugin before 3.4.3 for WordPress has XSS via addqueryarg and removequeryarg...
Design/Logic Flaw
The Jetpack plugin before 3.4.3 for WordPress has XSS via addqueryarg and removequeryarg...
WordPress Jetpack plugin cross-site scripting vulnerability (CNVD-2018-01270)
WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site. Jetpack is one of the plugin package contains a variety of features such as social sharing, social login and social...
CVE-2016-10706
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
Design/Logic Flaw
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link...
CVE-2016-10706
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link...
CVE-2016-10705
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module...
CVE-2016-10706
The CVE-2016-10706 affects the WordPress Jetpack plugin prior to version 4.0.3. A cross-site scripting (XSS) vulnerability can be triggered by a specially crafted Vimeo link. Public sources (NVD/Red Hat/CNVD) confirm the issue as a vulnerability in Jetpack’s handling of Vimeo content; the cited r...
WordPress Jetpack Plugin HTML Injection Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language.Jetpack is one of the plugin packages that includes a variety of features such as social sharing, social login and social commenting. An HTML injection vulnerability exists in WordPress...
Trello: XSS in Jetpack plugin
Hey, It seems like you are using an unpatched Jetpack version. Your changelog says so http://blog.trello.com/wp-content/plugins/jetpack/changelog.txt It is known to be vulnerable to XSS Check it https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/ Please update your plugin. Than...
Trello: XSS in Jetpack Plugin
The stored XSS bug puts any affected WordPress website at risk of being completely taken over. The issue was fixed earlier this week with the release of Jetpack 3.7.1 and 3.7.2, but anyone who is still running Jetpack 3.7 or lower is vulnerable. I checked and the version of jetpack plugin which y...
WordPress Jetpack Plugin Security Patch
After a few critical bugs were recently discovered and patched in the core WordPress engine—a rarity with WordPress-related security issues—order has apparently been restored with the discovery of a critical vulnerability in a popular plugin. Insecure plugins have been at the heart of numerous...
Jetpack Plugin for WordPress Security Bypass
The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...
CVE-2014-0173
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to...
Information disclosure
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to...