Permalink
CVE-2023-45050
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): LOW
WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
References
- https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jet… third-party-advisory technical-description
- https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… vdb-entry
- https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… x_transferred vdb-entry
- https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jet… third-party-advisory x_transferred technical-description
- https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… vdb-entry
- https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jet… third-party-advisory technical-description
- https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-… x_transferred vdb-entry
- https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jet… third-party-advisory x_transferred technical-description
Affected products
jetpack
- =<12.8-a.1
Matching in nixpkgs
pkgs.wordpressPackages.plugins.jetpack
None
-
nixos-unstable -
- nixpkgs-unstable 14.5
pkgs.wordpressPackages.plugins.jetpack-lite
None
-
nixos-unstable -
- nixpkgs-unstable 3.0.3