WordPress Plugin Vulnerabilities

Jetpack <= 4.0.3 - Multiple Vulnerabilities

Description

Jetpack 4.0.4 fixes 3 security bugs:

* Private feedback form entries were made available publicly via the REST API
* Post By Email settings could be changed
* The Likes module was vulnerable to XSS

Affects Plugins

Plugin icon
jetpack
Fixed in 4.0.4

References

CVE
CVE-2016-10705

Miscellaneous

Submitter
Anonymous
Verified
No
WPVDB ID
21bd1537-801a-48ec-9c5f-72d9efb6801d

Timeline

Publicly Published
2016-06-20 (about 9 years ago)
Added
2016-06-21 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-06-24
Title
Custom CSS Pro <= 1.0.3 - CSRF & XSS
Published
2014-08-01
Title
IWantOneButton 3.0.1 - Multiple Vulnerabilities
Published
2014-08-01
Title
Wordfence 3.3.5 - XSS & IAA
Published
2014-08-01
Title
wp-cleanfix - Remote Comm& Execution, CSRF & XSS
Published
2019-10-30
Title
Give WP < 2.5.10 - Multiple Issues