EUVD-2022-55979

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2026-22356 WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...

WordPress Jetpack Boost plugin < 3.4.7 - Admin+ SSRF vulnerability

Admin+ SSRF vulnerability discovered by Miguel Xavier Penha Neto in WordPress Plugin Jetpack Boost versions 3.4.7...

WordPress Jetpack plugin < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution vulnerability

Unauthenticated Arbitrary Block & Shortcode Execution vulnerability discovered by Marc Montpas in WordPress Plugin Jetpack versions 13.8...

CVE-2024-56006

CVE-2024-56006 is a Missing Authorization (Broken Access Control) vulnerability in Automattic Jetpack Debug Tools for WordPress. Affected versions are prior to 2.0.1; the issue enables unauthenticated access to the Jetpack Debug Tools functionality. The CVSS base score is 5.3 (Network attack, no ...

WordPress Jetpack plugin 13.0-14.0 - Unauthenticated DOM-XSS vulnerability

Unauthenticated DOM-XSS vulnerability discovered by Eldar hakupiku in WordPress Plugin Jetpack versions 13.0-14.0...

WordPress Jetpack Plugin <= 13.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack Type Plugin Vulnerable versions = 13.3.1 Fixed in 13.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4392 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4df1d2819cc7 Credits wesley wcraft Required privilege...

WordPress plugin Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2023-45050 WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1...

WordPress Plugin Jetpack Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Jetpack Plugin < 12.7 is vulnerable to Clickjacking

Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A3: Injection Classification Clickjacking CVE CVE-2023-47774 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 18fefcc21cac Credits Rafie Muhammad Patchstack Required privilege Contributor...

WordPress Jetpack Plugin < 12.7 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions 12.7 Fixed in 12.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47788 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 78da756327ec Credits Rafie Muhammad Patchstack Required...

WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack Type Plugin Vulnerable versions = 12.8-a.1 Fixed in 12.8-a.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45050 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8bdf519cb2b8 Credits Rafie Muhammad Patchstack Required...

WordPress plugin Jetpack 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error vulnerabilit...

WordPress JetPack Plugin Arbitrary File Manipulation Vulnerability (CVE-2023-2996)

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:jetpack"; if description...

WordPress Jetpack Plugin <= 12.1 is vulnerable to Broken Access Control

Software Jetpack Type Plugin Vulnerable versions = 12.1 Fixed in 12.1.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE N/A Patch priority High CVSS severity High 9 Developer Claim ownership PSID e45930af254c Credits Jetpack Required privilege Author Published 30...

WordPress Jetpack CRM Plugin <= 5.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Jetpack CRM Type Plugin Vulnerable versions = 5.3.1 Fixed in 5.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-3342 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 2994df20ff0f Credits Ramuel Gall Required...

WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack CRM Type Plugin Vulnerable versions = 5.4.4 Fixed in 5.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27429 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ddffc0e309f7 Credits Team WeBoB Required privile...

WordPress Jetpack plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site. Jetpack is one of the plugin package contains a variety of features such as social sharing, social login and social...

Jetpack Plugin for WordPress Security Bypass

The WordPress Jetpack plugin installed on the remote host is affected by a security bypass vulnerability due to a flaw in the 'class.jetpack.php' script. This can allow a remote, unauthenticated attacker to submit crafted XML-RPC requests that bypass access controls, allowing the attacker to...