cleantalk
Vulnerabilities and Security Researches

Jetpack Boost – Website Speed, Performance and Critical CSS, CVE-2024-10076

CVE, Research URL

CVE-2024-10076

Home page URL

Security reports for Jetpack Boost – Website Speed, Performance and Critical CSS

Application

Jetpack Boost – Website Speed, Performance and Critical CSS

Published on
May 16, 2025
Research Description
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
Affected versions
Min -, max 3.4.8.
Status
vulnerable
Previous vulnerability researches
WZ Followed Posts – Display what visitors are reading (3eae433fab74b6aaf5f0694092126e677e3ca0fa) , Jun 07, 2024
WZ Followed Posts – Display what visitors are reading (CVE-2025-4171) , May 08, 2025
New vulnerability
WP ULike – Most Advanced WordPress Marketing Toolkit (CVE-2024-12770) , May 17, 2025
Social Slider Feed (CVE-2024-10149) , May 17, 2025
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth (CVE-2024-13313) , May 17, 2025
Easiest Sales Funnel Builder For WordPress & WooCommerce by WPFunnels (CVE-2025-47530) , May 16, 2025
EG-Series (CVE-2025-4126) , May 16, 2025