Every CVE whose affected-product data names Automattic Jetpack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2023-2996 — CVSS 8.8 (high): The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate…
CVE-2011-4673 — CVSS 7.5 (high): SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL…
CVE-2023-45050 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security…
CVE-2024-4392 — CVSS 6.4 (medium): The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's…
CVE-2024-10858 — CVSS 6.1 (medium): The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed…
CVE-2023-54332 — CVSS 6.1 (medium): Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts…
CVE-2015-9359 — CVSS 6.1 (medium): The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2024-10076 — CVSS 5.9 (medium): The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when…
CVE-2014-0173 — CVSS 5.8 (medium): The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before…
CVE-2024-10075 — CVSS 5.6 (medium): The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users…
CVE-2023-47774 — CVSS 5.4 (medium): Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack…
CVE-2021-24374 — CVSS 5.3 (medium): The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows…
CVE-2023-47788 — CVSS 4.3 (medium): Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
CVE-2024-9926 — CVSS 4.3 (medium): The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as…