cleantalk
Vulnerabilities and Security Researches

Jetpack Boost – Website Speed, Performance and Critical CSS, CVE-2024-10076

CVE, Research URL

CVE-2024-10076

Home page URL

Security reports for Jetpack Boost – Website Speed, Performance and Critical CSS

Application

Jetpack Boost – Website Speed, Performance and Critical CSS

Published on
May 16, 2025
Research Description
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
Affected versions
Min -, max 3.4.8.
Status
vulnerable
Previous vulnerability researches
Subaccounts for WooCommerce (CVE-2025-47461) , May 16, 2025
Subaccounts for WooCommerce (CVE-2024-11370) , Nov 23, 2024
Subaccounts for WooCommerce (d549139954f92cf6ed7fd0d234e19d2257f78ba1) , Jun 07, 2024
New vulnerability
ApplyOnline – Application Form Builder and Manager (CVE-2024-10098) , May 17, 2025
Jetpack – WP Security, Backup, Speed, & Growth (CVE-2024-10076) , May 17, 2025
Jetpack – WP Security, Backup, Speed, & Growth (CVE-2024-10075) , May 17, 2025
Auto Prune Posts (CVE-2024-10639) , May 17, 2025
Form builder to get in touch with visitors, grow your email list and collect payments — Happyforms (CVE-2024-10054) , May 17, 2025