Jetpack – WP Security, Backup, Speed, & Growth

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Jetpack – WP Security, Backup, Speed, & Growth

Information

Software Type Plugin
Software Slug jetpack (view on wordpress.org)
Software Status Active
Software Author automattic
Software Website jetpack.com
Software Downloads 407,345,219
Software Active Installs 4,000,000
Software Record Last Updated May 18, 2024

Showing 1-20 of 21 Vulnerabilities

Jetpack <= 12.6.2 - Improper Authorization via WPCom External Media REST endpoints
4.3
CVE-2023-47788
Nov 16, 2023
Researcher: Rafie Muhammad
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure
4.9
CVE ID Unknown
Feb 25, 2016
Researcher: Oliver Liu
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection
5.0
CVE-2023-47774
Nov 16, 2023
Researcher: Rafie Muhammad
JetPack <= 9.7 - Information Disclosure
5.3
CVE-2021-24374
Jun 1, 2021
Researchers:
Jetpack <= 3.7.1 - Information disclosure
5.3
CVE ID Unknown
Oct 1, 2015
Researcher: Jaime Delgado Horna
Jetpack < 2.9.3 - Security Bypass
5.3
CVE-2014-0173
Aug 26, 2014
Researchers:
Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta
5.4
CVE ID Unknown
Dec 11, 2018
Researcher: RIPS Technologies
Jetpack < 7.0.1 - Cross-Site Scripting
6.1
CVE ID Unknown
Feb 14, 2019
Researcher: Jon Morgan
Jetpack <= 4.0.2 - Cross-Site Scripting
6.1
CVE-2016-10706
Apr 26, 2017
Researchers:
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Apr 26, 2017
Researcher: Karim Valiev
Jetpack <= 4.0.3 - Cross-Site Scripting
6.1
CVE-2016-10705
Jun 20, 2016
Researcher: Anonymous
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements
6.1
CVE ID Unknown
Feb 25, 2016
Researcher: Jetpack Scan team
Jetpack <= 3.4.2 - Reflected Cross-Site Scripting
6.1
CVE-2015-9359
Apr 20, 2015
Researchers:
Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode
6.4
CVE-2024-4392
May 13, 2024
Researcher: wesley (wcraft)
Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute
6.4
CVE-2023-45050
Nov 16, 2023
Researcher: Rafie Muhammad
Jetpack <= 7.9 - Stored Cross-Site Scripting
6.4
CVE ID Unknown
Oct 19, 2019
Researcher: Adham Sadaqah
Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation
6.5
CVE-2023-2996
May 30, 2023
Researcher: Miguel Neto
Jetpack <= 3.7.1 - Stored Cross-Site Scripting
7.2
CVE ID Unknown
Oct 1, 2015
Researcher: Marc-Alexandre Montpas
Jetpack <= 3.5.2 - Cross-Site Scripting
7.2
CVE ID Unknown
May 6, 2015
Researchers:
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection
9.6
CVE ID Unknown
Apr 26, 2017
Researchers:
Title Status CVE ID CVSS Researchers Date
Jetpack <= 12.6.2 - Improper Authorization via WPCom External Media REST endpoints Patched CVE-2023-47788 4.3 Rafie Muhammad November 16, 2023
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure Patched 4.9 Oliver Liu February 25, 2016
Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection Patched CVE-2023-47774 5.0 Rafie Muhammad November 16, 2023
JetPack <= 9.7 - Information Disclosure Patched CVE-2021-24374 5.3 June 1, 2021
Jetpack <= 3.7.1 - Information disclosure Patched 5.3 Jaime Delgado Horna October 1, 2015
Jetpack < 2.9.3 - Security Bypass Patched CVE-2014-0173 5.3 August 26, 2014
Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta Patched 5.4 RIPS Technologies December 11, 2018
Jetpack < 7.0.1 - Cross-Site Scripting Patched 6.1 Jon Morgan February 14, 2019
Jetpack <= 4.0.2 - Cross-Site Scripting Patched CVE-2016-10706 6.1 April 26, 2017
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting Patched 6.1 Karim Valiev April 26, 2017
Jetpack <= 4.0.3 - Cross-Site Scripting Patched CVE-2016-10705 6.1 Anonymous June 20, 2016
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements Patched 6.1 Jetpack Scan team February 25, 2016
Jetpack <= 3.4.2 - Reflected Cross-Site Scripting Patched CVE-2015-9359 6.1 April 20, 2015
Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode Patched CVE-2024-4392 6.4 wesley (wcraft) May 13, 2024
Jetpack <= 12.8-a.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute Patched CVE-2023-45050 6.4 Rafie Muhammad November 16, 2023
Jetpack <= 7.9 - Stored Cross-Site Scripting Patched 6.4 Adham Sadaqah October 19, 2019
Jetpack <= 12.1 - Authenticated (Author+) Arbitrary File Manipulation Patched CVE-2023-2996 6.5 Miguel Neto May 30, 2023
Jetpack <= 3.7.1 - Stored Cross-Site Scripting Patched 7.2 Marc-Alexandre Montpas October 1, 2015
Jetpack <= 3.5.2 - Cross-Site Scripting Patched 7.2 May 6, 2015
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection Patched 9.6 April 26, 2017

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation