4 matches found
CVE-2024-10076
The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns they shouldn’t, ultimately making it possible for contributor and abo...
CVE-2024-10076
The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns they shouldn’t, ultimately making it possible for contributor and abo...
CVE-2024-10076
CVE-2024-10076 affects Jetpack WordPress plugin versions prior to 13.8 and Jetpack Boost versions prior to 3.4.8. The root cause is the regexes used in the Site Accelerator feature when switching image URLs to the CDN, which may match patterns they shouldn’t, enabling Stored XSS by contributor+ users....
PT-2025-21395 · WordPress · Jetpack +1
Name of the Vulnerable Software and Affected Versions:
Jetpack WordPress plugin versions prior to 13.8
Jetpack Boost WordPress plugin versions prior to 3.4.8
Description: The issue concerns the use of regexes in the Site Accelerator features of the Jetpack and Jetpack Boost WordPress plugins when...