Automattic Jetpack

16 CVEs affecting Automattic Jetpack. Latest disclosed: 2026-01-13. Critical: 0, High: 1.

Top CVEs affecting Automattic Jetpack
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-2996 | High | 8.8 | 2023-06-27 | The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site… |
| CVE-2023-45050 | Medium | 6.5 | 2023-11-30 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth… |
| CVE-2024-4392 | Medium | 6.4 | 2024-05-14 | The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all… |
| CVE-2023-54332 | Medium | 6.1 | 2026-01-13 | Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id par… |
| CVE-2024-10858 | Medium | 6.1 | 2024-12-25 | The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-X… |
| CVE-2015-9359 | Medium | 6.1 | 2019-08-28 | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). |
| CVE-2016-10706 | Medium | 6.1 | 2018-01-12 | The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. |
| CVE-2016-10705 | Medium | 6.1 | 2018-01-12 | The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. |
| CVE-2024-10076 | Medium | 5.9 | 2025-05-15 | The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs… |
| CVE-2024-10075 | Medium | 5.6 | 2025-05-15 | The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow u… |
| CVE-2023-47774 | Medium | 5.4 | 2024-04-24 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7. |
| CVE-2021-24374 | Medium | 5.3 | 2021-06-21 | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on th… |
| CVE-2024-9926 | Medium | 4.3 | 2024-11-07 | The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoint, allowing any authenticated users, such as subscriber to read arbit… |
| CVE-2023-47788 | Medium | 4.3 | 2024-06-19 | Missing Authorization vulnerability in Automattic Jetpack. This issue affects Jetpack: from n/a before 12.7. |
| CVE-2014-0173 |  |  | 2014-04-22 | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2… |
| CVE-2011-4673 |  |  | 2011-12-02 | SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id… |