Vulnerabilities and security research for jetpack
Jun 07, 2024
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2015-9359
- CVE, Research URL
- Application
- Date
- Aug 28, 2019
- Research Description
- The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
- Affected versions
-
max 3.4.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2016-10705
- CVE, Research URL
- Application
- Date
- Jan 13, 2018
- Research Description
- The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2016-10706
- CVE, Research URL
- Application
- Date
- Jan 13, 2018
- Research Description
- The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
- Affected versions
-
max 4.0.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2011-4673
- CVE, Research URL
- Application
- Date
- Dec 03, 2011
- Research Description
- SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
- Affected versions
-
Min 5.1, max 1.1.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2021-24374
- CVE, Research URL
- Application
- Date
- Jun 22, 2021
- Research Description
- The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked.
- Affected versions
-
max 9.8.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2014-0173
- CVE, Research URL
- Application
- Date
- Apr 22, 2014
- Research Description
- The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.
- Affected versions
-
max 2.9.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2023-2996
- CVE, Research URL
- Application
- Date
- Jun 27, 2023
- Research Description
- The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
- Affected versions
-
max 12.1.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2023-47774
- CVE, Research URL
- Application
- Date
- Apr 24, 2024
- Research Description
- Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7.
- Affected versions
-
max 12.7.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2024-4392
- CVE, Research URL
- Application
- Date
- May 14, 2024
- Research Description
- The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 13.4.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2023-45050
- CVE, Research URL
- Application
- Date
- Nov 30, 2023
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
- Affected versions
-
max 12.8-a.3.
- Status
-
vulnerable
Jun 10, 2024
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2023-47788
- CVE, Research URL
- Application
- Date
- Jun 19, 2024
- Research Description
- Missing Authorization vulnerability in Automattic Jetpack. This issue affects Jetpack: from n/a before 12.7.
- Affected versions
-
max 12.7.
- Status
-
vulnerable
Oct 15, 2024
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2024-9926
- CVE, Research URL
- Application
- Date
- Nov 07, 2024
- Research Description
- The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form.
- Affected versions
-
max 13.9.1.
- Status
-
vulnerable
Dec 26, 2024
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2024-10858
- CVE, Research URL
- Application
- Date
- Dec 25, 2024
- Research Description
- The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.
- Affected versions
-
Min 13.0, max 14.1.
- Status
-
vulnerable
May 17, 2025
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2024-10075
- CVE, Research URL
- Application
- Date
- May 16, 2025
- Research Description
- The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and blocks.
- Affected versions
-
max 13.8.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2024-10076
- CVE, Research URL
- Application
- Date
- May 16, 2025
- Research Description
- The Jetpack WordPress plugin before 13.8 and the Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns they shouldn't, ultimately making it possible for contributor and above users to perform Stored XSS attacks.
- Affected versions
-
max 13.8.
- Status
-
vulnerable
Jan 28, 2026
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2023-54332
- CVE, Research URL
- Application
- Date
- Jan 14, 2026
- Research Description
- Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.
- Affected versions
-
max 11.4.
- Status
-
vulnerable
May 11, 2026
Jetpack – WP Security, Backup, Speed, & Growth # CVE-2022-50958
- CVE, Research URL
- Application
- Date
- May 10, 2026
- Research Description
- WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.
- Affected versions
-
max 9.1.
- Status
-
vulnerable
Jun 16, 2026
Jetpack – WP Security, Backup, Speed, & Growth # f52f6532055a5f1c7231d800dddcd84719043ac0
- CVE, Research URL
- Application
- Date
- Jun 20, 2016
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 4.0.4 WordPress Jetpack Plugin <= 4.0.3 - Multiple Vulnerabilities This plugin is prone to a cross site scripting vulnerability via Likes module. Also, settings of Post By Email could be changed. Upgrade this plugin.
- Affected versions
-
max 4.0.4.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # e0194f13754886d9e99f239c49e2dd5c3ca9f66f
- CVE, Research URL
- Application
- Date
- May 26, 2016
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 4.0.3 WordPress Jetpack Plugin <= 4.0.2 - Stored Cross Site Scripting This plugin is prone to a shortcode stored cross site scripting vulnerability. Update the plugin.
- Affected versions
-
max 4.0.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 8957b847d52dd4bd0aba4f41fd974ca8ec1dae09
- CVE, Research URL
- Application
- Date
- Nov 21, 2019
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 7.9.1 WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability Shortcode embedding system vulnerability found by Adham Sadaqah in WordPress Jetpack plugin (versions <=7.9).
- Affected versions
-
max 7.9.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 1e59c14219c405d0065d8442cbef73aaecd1482f
- CVE, Research URL
- Application
- Date
- Dec 12, 2018
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 6.5 WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by RIPS Technologies in WordPress Jetpack plugin (versions <= 6.4.2).
- Affected versions
-
max 6.5.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 2a2f5da6-497f-4513-ad62-2f6f52b1852f
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.9.2 Jetpack <= 3.9.1 - LaTeX HTML Element XSS The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a LaTeX HTML Element XSS security vulnerability.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 5e63453f-4d95-4bc3-9338-2d77f95f9ee7
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 6.5 Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) According to RIPS Technologies: "RIPS detected a Stored XSS vulnerability that affects a module available to premium and professional users of Jetpack. Attackers who gained control over an account on the target site with at least Contributor privileges were able to inject arbitrary JavaScript code into the HTML markup of a blog post. Once the administrator of the target site views the malicious blog post, evil JavaScript code is executed which compromises the target server."
- Affected versions
-
max 6.5.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # dad3ea5b-2420-4022-b26d-769f63ed01e7
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.1 Jetpack <= 3.7.0 - Stored Cross-Site Scripting (XSS) Jetpack versions 3.7.0 and earlier are vulnerable to a cross-site scripting vulnerability in the contact form due to improper input sanitization. Reported by Marc-Alexandre Montpas from Sucuri.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # a8073510758ddc46d88dbae64b770262e9ef8de3
- CVE, Research URL
- Application
- Date
- Oct 19, 2019
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] <= 7.9 Jetpack <= 7.9 - Stored Cross-Site Scripting The Jetpack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a shortcode in versions up to, and including, 7.9. This makes it possible for medium-level authenticated attackers to inject arbitrary web scripts in administrative pages and posts that execute whenever a user accesses the page with the stored web scripts.
- Affected versions
-
max 7.9.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # df630c09b5ae69e0a0120e4fd48c13734af822c3
- CVE, Research URL
- Application
- Date
- Feb 25, 2016
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.9.2 WordPress Jetpack Plugin <= 3.9.1 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 10eb55a17739f28856fa527aa6bdde8481102392
- CVE, Research URL
- Application
- Date
- Oct 01, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.1 WordPress Jetpack Plugin <= 3.7.0 - Stored Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 7105cb30-e393-4c79-aeb7-7439bd560738
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] >= 5.1 - <= 7.9 Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by a Vulnerability in Shortcode Embed Code security vulnerability.
- Affected versions
-
Min 5.1, max 7.9.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 942fbc3f5443cec830840105ebdb1de0fa7efa6c
- CVE, Research URL
- Application
- Date
- Feb 14, 2019
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 7.0.1 Jetpack < 7.0.1 - Cross-Site Scripting The Jetpack plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 7.0.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 8b2577c950eb5e19c4bf87ece5f8d4ae541b0f5d
- CVE, Research URL
- Application
- Date
- Dec 11, 2018
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 6.5 Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta Jetpack up to 6.4.2 is vulnerable to stored Cross-Site Scripting. This allows attackers with contributor privileges to inject arbitrary JavaScript code into the HTML markup of a blog post.
- Affected versions
-
max 6.5.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 1a116fa108cde0d07f6175075a8c01a62d2aa3a3
- CVE, Research URL
- Application
- Date
- Apr 26, 2017
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 4.2 Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting The Jetpack plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the add_query_args() function in versions up to, and including, 4.1.x due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
max 4.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 8ed4441a22433575555360042e387ed808c4d995
- CVE, Research URL
- Application
- Date
- Oct 01, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.1 WordPress Jetpack Plugin <= 3.7.0 - Information Disclosure This plugin is prone to an information disclosure vulnerability in certain hosting configurations. Update the plugin.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # a0b05003fca46d758e30f5d242f081813667d8b1
- CVE, Research URL
- Application
- Date
- Apr 20, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.4.3 WordPress Jetpack Plugin <= 3.4.2 - Cross Site Scripting Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Update the plugin.
- Affected versions
-
max 3.4.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 2765d571-059b-4d6f-948c-3ca7b9febcdc
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.5.3 Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS) Genericons <= 3.2 vulnerable to DOM XSS in the example.html file due to using outdated version of jQuery and vulnerable code. Vulnerable Code: permalink = "genericon-" + window.location.hash.split('#')[1]; cssclass = jQuery( '.' + permalink ).attr('class');
- Affected versions
-
max 3.5.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 8843339ca3c547f9c5d5f0f7836e27744a9bed9e
- CVE, Research URL
- Application
- Date
- May 06, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.5.3 WordPress Jetpack Plugin <= 3.5.2 - Cross Site Scripting This plugin is prone to an unauthenticated DOM cross site scripting vulnerability. Update the plugin.
- Affected versions
-
max 3.5.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # f36531a9-1670-4122-9f41-afcf71376375
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.1 Jetpack <= 3.7.0 - Information Disclosure The Jetpack – WP Security, Backup, Speed, & Growth WordPress plugin was affected by an Information Disclosure security vulnerability.
- Affected versions
-
max 3.7.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 2eea75d0fc2b65a7108d03281f162fe8a9c8bf09
- CVE, Research URL
- Application
- Date
- May 06, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.5.3 Jetpack <= 3.5.2 - Cross-Site Scripting The Jetpack plugin for WordPress, in versions up to 3.5.2, is vulnerable to DOM based Cross-Site Scripting via the file genericons/example.html. This vulnerability allowed unauthenticated users to execute JavaScript in a visitor's browser provided they were able to trick them into clicking on a carefully crafted link. Executing JavaScript in an administrative user was possible if the victim was logged on to the affected site as an administrator.
- Affected versions
-
max 3.5.3.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # bfed3099-bd41-4988-a76b-2b9349051879
- CVE, Research URL
- Application
- Date
- -
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 13.2.1 Jetpack < 13.2.1 - Contributor+ Stored XSS The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
- Affected versions
-
max 13.2.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # d0e43e57b78d7c62d3889e9cfbe510dd852a313a
- CVE, Research URL
- Application
- Date
- Feb 25, 2016
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.9.2 Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Cross-Site Scripting via LaTeX markup within HTML elements in versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts that execute in a victim's browser.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # cc9326052e5e086b429a42db7048d509aabde351
- CVE, Research URL
- Application
- Date
- Oct 01, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.2 Jetpack <= 3.7.1 - Stored Cross-Site Scripting Jetpack versions 3.7.0 and earlier are vulnerable to a Cross-Site Scripting vulnerability in the contact form due to improper input sanitization. This allows an unauthenticated attacker to inject JavaScript into the contact form that can potentially execute in a site administrator's browser.
- Affected versions
-
max 3.7.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 44e791e3a465b767ceef958ba075d6d455c1eca0
- CVE, Research URL
- Application
- Date
- Feb 25, 2016
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.9.2 Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 3.9.1. This makes it possible for authenticated attackers with database access to extract sensitive data including plaintext credentials due to plaintext storage of those credentials.
- Affected versions
-
max 3.9.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 812b14ffc09bec4b95673cda3d5d0040ba8a0462
- CVE, Research URL
- Application
- Date
- Oct 01, 2015
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 3.7.2 Jetpack <= 3.7.1 - Information disclosure Jetpack up to 3.7.1 is affected by an information disclosure vulnerability.
- Affected versions
-
max 3.7.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # b35a9ee3f9722b7f631592b6b4e53a3f52a76560
- CVE, Research URL
- Application
- Date
- May 30, 2023
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 12.1.1 WordPress Jetpack Plugin <= 12.1 is vulnerable to Broken Access Control Update the WordPress Jetpack plugin to the latest available version (at least 12.1.1). Jetpack discovered and reported this Broken Access Control vulnerability in WordPress Jetpack Plugin. This vulnerability has been fixed in version 12.1.1.
- Affected versions
-
max 12.1.1.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 7b4bc72eb58f6eb409ec7f6222a169e5917d3585
- CVE, Research URL
- Application
- Date
- Apr 26, 2017
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 4.2 Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 4.2. This allows unauthenticated attackers to embed untrusted input into data via contact forms that will be injected into exported CSV files. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.
- Affected versions
-
max 4.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # ffd169a15f0b3f3b7e9e5d2a66f48050efccf852
- CVE, Research URL
- Application
- Date
- Apr 26, 2017
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 4.2 Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Timing Attack The Jetpack plugin for WordPress is vulnerable to timing attacks in versions up to, and including, 4.1.x. This is due to lack of a safe string comparison function.
- Affected versions
-
max 4.2.
- Status
-
vulnerable
Jetpack – WP Security, Backup, Speed, & Growth # 162e5bc508a8fca3a94873242e3470bb3364bf22
- CVE, Research URL
- Application
- Date
- Oct 14, 2024
- Research Description
- Jetpack – WP Security, Backup, Speed, & Growth [jetpack] < 13.9.1 Jetpack < 13.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks in the Contact_Form_Endpoint class in various versions up to, but not including, 13.9.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to read all Jetpack form submissions on the site.
- Affected versions
-
max 13.9.1.
- Status
-
vulnerable
Jun 25, 2026
Jetpack – WP Security, Backup, Speed, & Growth # PSC-2026-64665
- PSC, Research URL
- Application
- Date
- Jun 25, 2026
- Research Description
- Security and performance suites operate across many areas of a WordPress installation, including backups, malware scanning, content delivery, statistics, forms, and social publishing. That makes them operationally useful, but also security-sensitive because a broad plugin footprint can affect privileged settings, connected service tokens, public scripts, and administrator workflows. Jetpack - WP Security, Backup, Speed, and Growth version 15.9.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64665, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for security suites, backup workflows, performance modules, and connected service integrations.
- Affected versions
-
Min 15.9.1, max 15.9.1.
- Status
-
SAFE & CERTIFIED