2026-01-13 22:56:39
VulnCheck
PUBLISHED
Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims browsers when they interact with the contact form page.