Medium 6.1 Unfixed
2026-05-10≤ 9.1
CVE-2022-50958
Jetpack – WP Security, Backup, Speed, & Growth
Minimum safe version
14.1
Update to 14.1 or later to address 41 fixable vulnerabilities
Latest available15.8 ✓Affected up to7.9 ⚠⚠ 1 vulnerability has no fix
Medium 6.1
2026-01-13= 11.4
CVE-2023-54332
Medium 5.6
2025-05-15< 13.8
CVE-2024-10075
Medium 5.9
2025-05-15< 13.8
CVE-2024-10076
Medium 6.1
2024-12-25≥ 13.0 and < 14.1
CVE-2024-10858
N/A
2024-10-14< 13.9.1
Jetpack < 13.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure
Medium 4.3
2024-11-07< 13.9.1
CVE-2024-9926
Medium 5.4
2024-05-14< 13.4
CVE-2024-4392
N/A
< 13.2.1
Jetpack < 13.2.1 - Contributor+ Stored XSS
Medium 6.5
2023-11-30< 12.8-a.3
CVE-2023-45050
Medium 4.3
2024-06-19< 12.7
CVE-2023-47788
Medium 5.4
2024-04-24< 12.7
CVE-2023-47774
High 8.8
2023-06-27< 12.1.1
CVE-2023-2996
N/A
2023-05-30< 12.1.1
WordPress Jetpack Plugin <= 12.1 is vulnerable to Broken Access Control
N/A
2015-05-06< 3.5.3
Jetpack <= 3.5.2 - Cross-Site Scripting
N/A
2015-10-01< 3.7.2
Jetpack <= 3.7.1 - Stored Cross-Site Scripting
N/A
2015-10-01< 3.7.2
Jetpack <= 3.7.1 - Information disclosure
N/A
2016-02-25< 3.9.2
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Sensitive Information Disclosure
N/A
2016-02-25< 3.9.2
Jetpack – WP Security, Backup, Speed, & Growth <= 3.9.1 - Cross-Site Scripting via LaTeX markup within HTML elements
N/A
2017-04-26< 4.2
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Timing Attack
N/A
2017-04-26< 4.2
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - CSV Injection
N/A
2017-04-26< 4.2
Jetpack – WP Security, Backup, Speed, & Growth < 4.2 - Reflected Cross-Site Scripting
N/A
2018-12-11< 6.5
Jetpack <= 6.4.2 - Cross-Site Scripting via post_meta
N/A
2019-02-14< 7.0.1
Jetpack < 7.0.1 - Cross-Site Scripting
N/A
2019-10-19≤ 7.9
Jetpack <= 7.9 - Stored Cross-Site Scripting
N/A
< 3.5.3
Jetpack <= 3.5.2 - Unauthenticated DOM Cross-Site Scripting (XSS)
N/A
< 3.7.1
Jetpack <= 3.7.0 - Stored Cross-Site Scripting (XSS)
N/A
< 3.7.1
Jetpack <= 3.7.0 - Information Disclosure
N/A
< 3.9.2
Jetpack <= 3.9.1 - LaTeX HTML Element XSS
N/A
< 6.5
Jetpack <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS)
N/A
≥ 5.1 and ≤ 7.9
Jetpack 5.1-7.9 - Vulnerability in Shortcode Embed Code
N/A
2015-05-06< 3.5.3
WordPress Jetpack Plugin <= 3.5.2 - Cross Site Scripting
N/A
2015-04-20< 3.4.3
WordPress Jetpack Plugin <= 3.4.2 - Cross Site Scripting
N/A
2015-10-01< 3.7.1
WordPress Jetpack Plugin <= 3.7.0 - Information Disclosure
N/A
2015-10-01< 3.7.1
WordPress Jetpack Plugin <= 3.7.0 - Stored Cross Site Scripting
N/A
2016-02-25< 3.9.2
WordPress Jetpack Plugin <= 3.9.1 - Cross Site Scripting
N/A
2016-05-26< 4.0.3
WordPress Jetpack Plugin <= 4.0.2 - Stored Cross Site Scripting
N/A
2016-06-20< 4.0.4
WordPress Jetpack Plugin <= 4.0.3 - Multiple Vulnerabilities
N/A
2018-12-12< 6.5
WordPress Jetpack plugin <= 6.4.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
N/A
2019-11-21< 7.9.1
WordPress Jetpack plugin <=7.9 - Shortcode embedding system vulnerability
N/A
2011-12-02≤ 1.1.3
CVE-2011-4673
N/A
2014-08-26< 2.9.3
Jetpack < 2.9.3 - Security Bypass
Medium 6.1
2018-01-12< 4.0.3
CVE-2016-10706
Medium 6.1
2018-01-12< 4.0.4
CVE-2016-10705
Medium 6.1
2019-08-28< 3.4.3
CVE-2015-9359
Medium 5.3
2021-06-21< 9.8
CVE-2021-24374