Jetpack@* Security Vulnerabilities and Issues — Jetpack@* CVE List

Lucene search

AutomatticJetpack*

13 matches found

CVE•added 2021/06/21 8:15 p.m.•147 views

CVE-2021-24374

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published p...

5.3CVSS5.3AI score0.00789EPSS

CVE•added 2023/06/27 2:15 p.m.•146 views

CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

8.8CVSS9AI score0.2336EPSS

CVE•added 2024/11/07 3:15 p.m.•79 views

CVE-2024-9926

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbitrary feedbacks data sent via the Jetpack Contact Form

4.3CVSS4.9AI score0.30982EPSS

CVE•added 2023/11/30 12:15 p.m.•64 views

CVE-2023-45050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.

6.5CVSS6.1AI score0.00275EPSS

CVE•added 2024/04/24 4:15 p.m.•62 views

CVE-2023-47774

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.

5.4CVSS6.8AI score0.00044EPSS

CVE•added 2024/06/19 11:15 a.m.•51 views

CVE-2023-47788

Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.

4.3CVSS4.6AI score0.00155EPSS

CVE•added 2019/08/28 3:15 p.m.•48 views

CVE-2015-9359

The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().

6.1CVSS6AI score0.00439EPSS

CVE•added 2018/01/12 7:29 p.m.•39 views

CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

6.1CVSS6AI score0.00207EPSS

CVE•added 2011/12/02 6:55 p.m.•38 views

CVE-2011-4673

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5CVSS8.8AI score0.00159EPSS

CVE•added 2024/12/25 6:15 a.m.•38 views

CVE-2024-10858

The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

6.1CVSS6.5AI score0.00036EPSS

CVE•added 2018/01/12 7:29 p.m.•27 views

CVE-2016-10706

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

6.1CVSS5.9AI score0.00207EPSS

CVE•added 2025/05/15 8:15 p.m.•19 views

CVE-2024-10075

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.

5.6CVSS7AI score0.00082EPSS

CVE•added 2025/05/15 8:15 p.m.•19 views

CVE-2024-10076

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above...

5.9CVSS5.9AI score0.00042EPSS