← back
CVE-2022-50958

WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
jetpack · Jetpack
public PoCs found1
cve_referencewww.exploit-db.com/exploits/50735unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wordpress.org/plugins/jetpackhttps://www.exploit-db.com/exploits/50735https://www.vulncheck.com/advisories/wordpress-plugin-jetpack-cross-site-scripting-via-grunion-form-view-php