Jetpack – WP Security, Backup, Speed, & Growth

Information

Software Type Plugin
Software Slug jetpack (view on wordpress.org)
Software Status Active
Software Author automattic
Software Website jetpack.com
Software Downloads 398,385,198
Software Active Installs 4,000,000
Software Record Last Updated April 19, 2024

20 Vulnerabilities

6.4
CVE ID Unknown
Oct 19, 2019
Researcher: Adham Sadaqah
6.1
CVE ID Unknown
Feb 14, 2019
Researcher: Jon Morgan
5.4
CVE ID Unknown
Dec 11, 2018
Researcher: RIPS Technologies
9.6
CVE ID Unknown
Apr 26, 2017
Researchers:
5.3
CVE ID Unknown
Oct 1, 2015
Researcher: Jaime Delgado Horna
7.2
CVE ID Unknown
Oct 1, 2015
7.2
CVE ID Unknown
May 6, 2015
Researchers:
5.3
Aug 26, 2014
Researchers:
Title CVE ID CVSS Researchers Date
Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute CVE-2023-45050 6.4 Rafie Muhammad November 16, 2023
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection CVE-2023-47774 5.0 Rafie Muhammad November 16, 2023
Jetpack <= 12.6.2 - Improper Authorization via WPCom External Media REST endpoints CVE-2023-47788 4.3 Rafie Muhammad November 16, 2023
Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation CVE-2023-2996 6.5 Miguel Neto May 30, 2023
JetPack <= 9.7 - Information Disclosure CVE-2021-24374 5.3 June 1, 2021
Jetpack <= 7.9 - Stored Cross-Site Scripting 6.4 Adham Sadaqah October 19, 2019
Jetpack < 7.0.1 - Cross-Site Scripting 6.1 Jon Morgan February 14, 2019
Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta 5.4 RIPS Technologies December 11, 2018
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection 9.6 April 26, 2017
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Timing Attack 9.8 Scott Arciszewski April 26, 2017
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting 6.1 Karim Valiev April 26, 2017
Jetpack <= 4.0.2 - Cross-Site Scripting CVE-2016-10706 6.1 April 26, 2017
Jetpack <= 4.0.3 - Cross-Site Scripting CVE-2016-10705 6.1 Anonymous June 20, 2016
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure 4.9 Oliver Liu February 25, 2016
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements 6.1 Jetpack Scan team February 25, 2016
Jetpack <= 3.7.1 - Information disclosure 5.3 Jaime Delgado Horna October 1, 2015
Jetpack <= 3.7.1 - Stored Cross-Site Scripting 7.2 Marc-Alexandre Montpas October 1, 2015
Jetpack <= 3.5.2 - Cross-Site Scripting 7.2 May 6, 2015
Jetpack <= 3.4.2 - Reflected Cross-Site Scripting CVE-2015-9359 6.1 April 20, 2015
Jetpack < 2.9.3 - Security Bypass CVE-2014-0173 5.3 August 26, 2014

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation