VulnerableCode Package Details - pkg:composer/automattic/jetpack@3.9.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-sk6t-v6nk-jbe7 Aliases: CVE-2021-24374 GHSA-5hr6-r8h6-wh22	Exposure of Resource to Wrong Sphere The Jetpack Carousel module of the JetPack WordPress plugin allows users to create a `carousel` type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by `nguyenhg_vcs` that allowed the comments of non-published page/posts to be leaked.	9.8 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 9.8.0 Affected by 0 other vulnerabilities.
VCID-y2tp-9sr1-cuc1 Aliases: CVE-2023-2996	Improper Input Validation The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.	12.1.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yxqk-uu9k-z7h1 Aliases: CVE-2023-45050	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.	12.8-a.3 Affected by 0 other vulnerabilities. 12.8.0-a.3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-sk6t-v6nk-jbe7
Aliases:
CVE-2021-24374
GHSA-5hr6-r8h6-wh22

Exposure of Resource to Wrong Sphere The Jetpack Carousel module of the JetPack WordPress plugin allows users to create a `carousel` type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by `nguyenhg_vcs` that allowed the comments of non-published page/posts to be leaked.

9.8
Affected by 2 other vulnerabilities.

9.8.0
Affected by 0 other vulnerabilities.

VCID-y2tp-9sr1-cuc1
Aliases:
CVE-2023-2996

Improper Input Validation The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

12.1.1
Affected by 1 other vulnerability.

VCID-yxqk-uu9k-z7h1
Aliases:
CVE-2023-45050

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.

12.8-a.3
Affected by 0 other vulnerabilities.

12.8.0-a.3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:22:30.678661+00:00	GitLab Importer	Affected by	VCID-yxqk-uu9k-z7h1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/automattic/jetpack/CVE-2023-45050.yml	38.6.0
2026-06-06T03:53:00.054634+00:00	GitLab Importer	Affected by	VCID-y2tp-9sr1-cuc1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/automattic/jetpack/CVE-2023-2996.yml	38.6.0
2026-06-06T00:46:22.596602+00:00	GitLab Importer	Affected by	VCID-sk6t-v6nk-jbe7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/automattic/jetpack/CVE-2021-24374.yml	38.6.0