Jetpack

This hub aggregates every CVE we track for Jetpack, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jetpack.

• CVE-2022-50958WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php6.1May 10, 2026
• CVE-2023-54332Jetpack 11.4 - Cross Site Scripting (XSS)6.1Jan 13, 2026
• CVE-2024-10076Jetpack < 13.8, Boost < 3.4.8 - Contributor+ Stored XSS5.9May 15, 2025
• CVE-2024-10075Jetpack < 13.8 - Unauthenticated Arbitrary Block & Shortcode Execution5.6May 15, 2025
• CVE-2024-10858Jetpack 13.0-14.0 - Unauthenticated DOM-XSS6.1Dec 25, 2024
• CVE-2024-9926Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access4.3Nov 7, 2024
• CVE-2023-47788WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability4.3Jun 19, 2024
• CVE-2024-4392Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode6.4May 14, 2024
• CVE-2023-47774WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability5.4Apr 24, 2024
• CVE-2023-45050WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)6.5Nov 30, 2023
• CVE-2023-2996Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API8.8Jun 27, 2023
• CVE-2021-24374Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak5.3Jun 21, 2021
• CVE-2015-9359The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().6.1Aug 28, 2019
• CVE-2016-10706The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.6.1Jan 12, 2018
• CVE-2016-10705The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.6.1Jan 12, 2018