VulnerableCode Package Details - pkg:composer/automattic/jetpack@10.2.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/automattic/jetpack@10.2.1

Essentials
History (2)

purl	pkg:composer/automattic/jetpack@10.2.1

Next non-vulnerable version	12.8-a.3
Latest non-vulnerable version	12.8-a.3
Risk

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-y2tp-9sr1-cuc1 Aliases: CVE-2023-2996	Improper Input Validation The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.	12.1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yxqk-uu9k-z7h1 Aliases: CVE-2023-45050	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.	12.8-a.3 Affected by 0 other vulnerabilities. 12.8.0-a.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-y2tp-9sr1-cuc1
Aliases:
CVE-2023-2996

Improper Input Validation The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

12.1.1
Affected by 1 other vulnerability.

VCID-yxqk-uu9k-z7h1
Aliases:
CVE-2023-45050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.

12.8-a.3
Affected by 0 other vulnerabilities.

12.8.0-a.3
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:22:32.424148+00:00	GitLab Importer	Affected by	VCID-yxqk-uu9k-z7h1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/automattic/jetpack/CVE-2023-45050.yml	38.6.0
2026-06-06T03:53:01.920622+00:00	GitLab Importer	Affected by	VCID-y2tp-9sr1-cuc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/automattic/jetpack/CVE-2023-2996.yml	38.6.0