GCVE - cpe:2.3:a:automattic:jetpack:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:jetpack:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Jetpack (`8e486248-a9f4-57c5-84c4-5f354c8b4439`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:docker/automattic/jetpack-wordpress-dev`	purl2cpe	2026-06-01 10:14:42.901751
`pkg:github/automattic/jetpack`	purl2cpe	2026-06-01 10:14:42.901754

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-54332`	vulnerable	2026-06-03 14:53:46.373141	Jetpack 11.4 - Cross Site Scripting (XSS) MEDIUM (6.1) Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page. Published: 2026-01-13T22:56:39.597Z Updated: 2026-05-24T01:37:37.697Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51104 https://wordpress.org/plugins/jetpack https://www.vulncheck.com/advisories/jetpack-cross-site-scripting-xss	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47788`	vulnerable	2026-06-03 14:53:18.137759	WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7. Published: 2024-06-19T10:33:57.434Z Updated: 2026-04-28T16:08:52.082Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47774`	vulnerable	2026-06-03 14:53:18.108629	WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability MEDIUM (5.4) Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7. Published: 2024-04-24T15:58:40.432Z Updated: 2026-04-28T16:08:51.813Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-7-contributor-iframe-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4673`	vulnerable	2026-06-03 14:31:25.851783	Details available SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. Published: 2011-12-02T18:00:00.000Z Updated: 2024-08-07T00:09:19.506Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/71404 http://www.exploit-db.com/exploits/18126 http://www.securityfocus.com/bid/50730	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.