cleantalk
Vulnerabilities and Security Researches

Jetpack – WP Security, Backup, Speed, & Growth, CVE-2022-50958

CVE, Research URL

CVE-2022-50958

Home page URL

Security reports for Jetpack – WP Security, Backup, Speed, & Growth

Application

Jetpack – WP Security, Backup, Speed, & Growth

Published on
May 10, 2026
Research Description
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.
Affected versions
max 9.1.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
New vulnerability
Testimonial Slider (CVE-2022-50947) , May 12, 2026
Simple Cloudflare Turnstile – CAPTCHA Alternative (CVE-2026-40799) , May 12, 2026
IP2Location Country Blocker (CVE-2022-50961) , May 12, 2026
Jetpack – WP Security, Backup, Speed, & Growth (CVE-2022-50958) , May 11, 2026
Error Log Monitor, Activity Logs, User Activity Tracking from Logtivity (CVE-2026-8198) , May 11, 2026