This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Automattic
First view: 2014-04-22
Product: Jetpack
Last view: 2023-11-30
Version: 2.7
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: wordpress
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:automattic:jetpack

Related : CVE

CVSS Date Alert Description
5.4 2023-11-30 CVE-2023-45050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.

8.8 2023-06-27 CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

5.3 2021-06-21 CVE-2021-24374

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.

6.1 2019-08-28 CVE-2015-9359

The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().

6.1 2018-01-12 CVE-2016-10706

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

6.1 2018-01-12 CVE-2016-10705

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

5.8 2014-04-22 CVE-2014-0173

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.

CWE : Common Weakness Enumeration

% id Name
66% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-639 Access Control Bypass Through User-Controlled Key
16% (1) CWE-264 Permissions, Privileges, and Access Controls

Nessus® Vulnerability Scanner

id Description
2014-04-23 Name: The remote web server hosts a web application that is affected by a security ...
File: wordpress_jetpack_security_bypass.nasl - Type: ACT_GATHER_INFO