📦 Jetpack

This vulnerability in the Jetpack WordPress plugin allows users with author roles or higher to upload malicious files without validation, potentially leading to file manipulation, deletion, and in rar...

This cross-site scripting vulnerability in Jetpack's contact form module allows attackers to inject malicious JavaScript through crafted URLs. When victims interact with the contact form page, attacke...

This vulnerability in Jetpack and Jetpack Boost WordPress plugins allows contributor-level and higher users to inject malicious scripts through image URLs, which are then executed when other users vie...

This vulnerability in the Jetpack WordPress plugin allows attackers to bypass postMessage origin checks, leading to DOM-based cross-site scripting (XSS). It affects websites hosted on WordPress.com us...

The Jetpack WordPress plugin contains an authorization vulnerability in a REST endpoint that allows any authenticated user (including low-privilege subscribers) to read arbitrary feedback data submitt...

This CVE describes a Missing Authorization vulnerability in Automattic's Jetpack WordPress plugin that allows contributors to perform actions they shouldn't be authorized for. It affects all WordPress...