CVE-2026-22356 WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through = 6.7.0...

WordPress Jetpack CRM Plugin <= 5.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Jetpack CRM Type Plugin Vulnerable versions = 5.3.1 Fixed in 5.4.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-3342 Patch priority Low CVSS severity Low 5 Developer Claim ownership PSID 2994df20ff0f Credits Ramuel Gall Required...

WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)

Software Jetpack CRM Type Plugin Vulnerable versions = 5.4.4 Fixed in 5.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27429 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID ddffc0e309f7 Credits Team WeBoB Required privile...