Security Advisory

CVE-2024-10076

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-15 20:06:40

Last updated 2025-05-20 16:03:22

Assigner WPScan

State PUBLISHED

Description

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks

← Browse all CVEs View on cve.org ↗