CVE-2024-4392

The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

WordPress Jetpack plugin <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Jetpack versions = 13.3.1...

Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode

Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. PoC wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...

PT-2024-30780

Name of the Vulnerable Software and Affected Versions Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress versions up to, and including, 13.3.1 Description The issue is related to Stored Cross-Site Scripting via the plugin's wpvideo shortcode due to insufficient input sanitization...

WordPress plugin Jetpack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

Jetpack < 13.4 - Contributor+ Stored Cross-Site Scripting via wpvideo Shortcode

Description The plugin did not properly escape some of its shortcode attributes, allowing users with at least the contributor role to conduct Stored XSS attacks. wpvideo OcobLTqC freedom=true preloadContent='"src=x onerror=alertdocument.cookie xss'...