cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forjetpack-boost jetpack-boost

Direction: ascending
Aug 02, 2024

Jetpack Boost – Website Speed, Performance and Critical CSS # CVE-2024-6584

CVE, Research URL

CVE-2024-6584

Home page URL

Security reports for Jetpack Boost – Website Speed, Performance and Critical CSS

Application

Jetpack Boost – Website Speed, Performance and Critical CSS

Date
May 16, 2025
Research Description
The 'wp_ajax_boost_proxy_ig' action allows administrators to make GET requests to arbitrary URLs.
Affected versions
Min -, max -.
Status
vulnerable
May 16, 2025

Jetpack Boost – Website Speed, Performance and Critical CSS # CVE-2024-10076

CVE, Research URL

CVE-2024-10076

Home page URL

Security reports for Jetpack Boost – Website Speed, Performance and Critical CSS

Application

Jetpack Boost – Website Speed, Performance and Critical CSS

Date
May 16, 2025
Research Description
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
Affected versions
Min -, max -.
Status
vulnerable