Vulnerabilities > Automattic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2016-10706 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | 4.3 |
| 2018-01-12 | CVE-2016-10705 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | 4.3 |
| 2015-06-17 | CVE-2015-3429 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | 4.3 |
| 2014-04-22 | CVE-2014-0173 | Permissions, Privileges, and Access Controls vulnerability in Automattic Jetpack The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. | 5.8 |