cleantalk
Vulnerabilities and Security Researches

Jetpack – WP Security, Backup, Speed, & Growth, bfed3099-bd41-4988-a76b-2b9349051879

CVE, Research URL

bfed3099-bd41-4988-a76b-2b9349051879

Home page URL

Security reports for Jetpack – WP Security, Backup, Speed, & Growth

Application

Jetpack – WP Security, Backup, Speed, & Growth

Published on
-
Research Description
Jetpack &#8211; WP Security, Backup, Speed, &amp; Growth [jetpack] < 13.2.1 Jetpack &lt; 13.2.1 - Contributor+ Stored XSS The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
max 13.2.1.
Status
vulnerable
Previous vulnerability researches
Jetpack Feedback Exporter (CVE-2025-32251) , Apr 06, 2025
reCAPTCHA Jetpack (CVE-2025-32494) , Apr 11, 2025
reCAPTCHA Jetpack (CVE-2024-3941) , Jun 07, 2024
reCAPTCHA Jetpack (CVE-2024-3940) , Jun 07, 2024
Tiled Gallery Carousel Without JetPack (CVE-2026-5191) , Jun 03, 2026
New vulnerability
Cornerstone (CVE-2026-9710) , Jun 26, 2026
Cornerstone (CVE-2026-9709) , Jun 26, 2026
Essential Blocks – Page Builder Gutenberg Blocks, Patterns &amp; Templates (CVE-2026-10833) , Jun 26, 2026
Post Duplicator (CVE-2026-10749) , Jun 26, 2026
Tourfic – Ultimate Hotel Booking, Travel Booking &amp; Apartment Booking WordPress Plugin | WooCommerce Booking (CVE-2026-12937) , Jun 26, 2026