Known Vulnerabilities for Jetpack by Automattic
Listed below are 6 of the newest known vulnerabilities associated with "Jetpack" by "Automattic".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32586 | Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Con... | Not Provided | 2026-03-17 | 2026-04-01 |
| CVE-2026-24148 | NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could c... | Not Provided | 2026-03-31 | 2026-04-01 |
| CVE-2025-32494 | Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack recaptcha-jetpack allows Cross Site Request Forge... | Not Provided | 2025-04-09 | 2026-04-01 |
| CVE-2025-32251 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in J. Tyler Wiest Jetpack Feedback E... | Not Provided | 2025-04-04 | 2026-04-01 |
| CVE-2021-24374 | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery... | 5.3 - MEDIUM | 2021-06-21 | 2023-02-04 |
| CVE-2016-10706 | The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | 6.1 - MEDIUM | 2018-01-12 | 2018-01-24 |
| CVE-2016-10705 | The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | 6.1 - MEDIUM | 2018-01-12 | 2018-01-24 |
| CVE-2015-9359 | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-08-30 |
| CVE-2014-0173 | The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2... | 5.8 - MEDIUM | 2014-04-22 | 2017-08-29 |
| CVE-2011-4673 | SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute ... | 7.5 - HIGH | 2011-12-02 | 2017-08-29 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Automattic | Jetpack | 4.0.3 | All | All | All |
| Application | Automattic | Jetpack | 4.0.2 | All | All | All |
| Application | Automattic | Jetpack | 4.0.1 | All | All | All |
| Application | Automattic | Jetpack | 4.0.0 | All | All | All |
| Application | Automattic | Jetpack | 3.9.6 | All | All | All |
| Application | Automattic | Jetpack | 3.9.5 | All | All | All |
| Application | Automattic | Jetpack | 3.9.4 | All | All | All |
| Application | Automattic | Jetpack | 3.9.3 | All | All | All |
| Application | Automattic | Jetpack | 3.9.2 | All | All | All |
| Application | Automattic | Jetpack | 3.9.1 | All | All | All |
| Application | Automattic | Jetpack | 3.9.0 | All | All | All |
| Application | Automattic | Jetpack | 3.8.2 | All | All | All |
| Application | Automattic | Jetpack | 3.8.1 | All | All | All |
| Application | Automattic | Jetpack | 3.8.0 | All | All | All |
| Application | Automattic | Jetpack | 3.7.2 | All | All | All |
| Application | Automattic | Jetpack | 3.7.1 | All | All | All |
| Application | Automattic | Jetpack | 3.7 | All | All | All |
| Application | Automattic | Jetpack | 3.6.1 | All | All | All |
| Application | Automattic | Jetpack | 3.6 | All | All | All |
| Application | Automattic | Jetpack | 3.5.3 | All | All | All |