Automattic: >> Jetpack >> 1.3 Security Vulnerabilities
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-11-30
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
CVSS Score
8.8
EPSS Score
0.217
Published
2023-06-27
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
CVSS Score
5.3
EPSS Score
0.008
Published
2021-06-21
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVSS Score
6.1
EPSS Score
0.004
Published
2019-08-28
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-12
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-12
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-12-02