Vulnerabilities > Automattic > Jetpack > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-45050 Cross-site Scripting vulnerability in Automattic Jetpack
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
network
low complexity
automattic CWE-79
5.4
2021-06-21 CVE-2021-24374 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Jetpack
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images.
network
low complexity
automattic CWE-639
5.3
2019-08-28 CVE-2015-9359 Cross-site Scripting vulnerability in Automattic Jetpack
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
low complexity
automattic CWE-79
6.1
2018-01-12 CVE-2016-10706 Cross-site Scripting vulnerability in Automattic Jetpack
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
network
low complexity
automattic CWE-79
6.1
2018-01-12 CVE-2016-10705 Cross-site Scripting vulnerability in Automattic Jetpack
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
network
low complexity
automattic CWE-79
6.1