Lookup for vulnerable packages by Package URL.

Purl pkg:composer/automattic/jetpack@7.2-beta2
Type composer
Namespace automattic
Name jetpack
Version 7.2-beta2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 12.8-a.3
Latest_non_vulnerable_version 12.8-a.3
Affected_by_vulnerabilities
0
url VCID-sk6t-v6nk-jbe7
vulnerability_id VCID-sk6t-v6nk-jbe7
summary
Exposure of Resource to Wrong Sphere
The Jetpack Carousel module of the JetPack WordPress plugin allows users to create a `carousel` type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by `nguyenhg_vcs` that allowed the comments of non-published page/posts to be leaked.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-24374
reference_id
reference_type
scores
0
value 0.00789
scoring_system epss
scoring_elements 0.74252
published_at 2026-06-07T12:55:00Z
1
value 0.00789
scoring_system epss
scoring_elements 0.74234
published_at 2026-06-08T12:55:00Z
2
value 0.00789
scoring_system epss
scoring_elements 0.74261
published_at 2026-06-09T12:55:00Z
3
value 0.00789
scoring_system epss
scoring_elements 0.74229
published_at 2026-06-04T12:55:00Z
4
value 0.00789
scoring_system epss
scoring_elements 0.74265
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-24374
1
reference_url https://github.com/Automattic/jetpack-production
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Automattic/jetpack-production
2
reference_url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories
3
reference_url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
reference_id
reference_type
scores
url https://jetpack.com/2021/06/01/jetpack-9-8-engage-your-audience-with-wordpress-stories/
4
reference_url https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://wpscan.com/vulnerability/08a8a51c-49d3-4bce-b7e0-e365af1d8f33
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-24374
reference_id CVE-2021-24374
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-24374
6
reference_url https://github.com/advisories/GHSA-5hr6-r8h6-wh22
reference_id GHSA-5hr6-r8h6-wh22
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hr6-r8h6-wh22
fixed_packages
0
url pkg:composer/automattic/jetpack@9.8
purl pkg:composer/automattic/jetpack@9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-y2tp-9sr1-cuc1
1
vulnerability VCID-yxqk-uu9k-z7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8
1
url pkg:composer/automattic/jetpack@9.8.0
purl pkg:composer/automattic/jetpack@9.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@9.8.0
aliases CVE-2021-24374, GHSA-5hr6-r8h6-wh22
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sk6t-v6nk-jbe7
1
url VCID-y2tp-9sr1-cuc1
vulnerability_id VCID-y2tp-9sr1-cuc1
summary
Improper Input Validation
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2996
reference_id
reference_type
scores
0
value 0.03349
scoring_system epss
scoring_elements 0.87561
published_at 2026-06-06T12:55:00Z
1
value 0.03349
scoring_system epss
scoring_elements 0.87559
published_at 2026-06-08T12:55:00Z
2
value 0.03349
scoring_system epss
scoring_elements 0.87571
published_at 2026-06-09T12:55:00Z
3
value 0.03349
scoring_system epss
scoring_elements 0.87562
published_at 2026-06-05T12:55:00Z
4
value 0.03349
scoring_system epss
scoring_elements 0.8756
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2996
1
reference_url https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/
reference_id
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/
url https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/
2
reference_url https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663
reference_id
reference_type
scores
0
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-12-05T16:47:57Z/
url https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2996
reference_id CVE-2023-2996
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-2996
fixed_packages
0
url pkg:composer/automattic/jetpack@12.1.1
purl pkg:composer/automattic/jetpack@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-yxqk-uu9k-z7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.1.1
aliases CVE-2023-2996
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y2tp-9sr1-cuc1
2
url VCID-yxqk-uu9k-z7h1
vulnerability_id VCID-yxqk-uu9k-z7h1
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-45050
reference_id
reference_type
scores
0
value 0.00275
scoring_system epss
scoring_elements 0.51203
published_at 2026-06-09T12:55:00Z
1
value 0.00275
scoring_system epss
scoring_elements 0.51229
published_at 2026-06-05T12:55:00Z
2
value 0.00275
scoring_system epss
scoring_elements 0.51234
published_at 2026-06-06T12:55:00Z
3
value 0.00275
scoring_system epss
scoring_elements 0.51214
published_at 2026-06-07T12:55:00Z
4
value 0.00275
scoring_system epss
scoring_elements 0.51183
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-45050
1
reference_url https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/
url https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve
2
reference_url https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-05T13:22:32Z/
url https://patchstack.com/database/vulnerability/jetpack/wordpress-jetpack-plugin-12-8-a-1-cross-site-scripting-xss-vulnerability?_s_id=cve
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-45050
reference_id CVE-2023-45050
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-45050
fixed_packages
0
url pkg:composer/automattic/jetpack@12.8.0-a.3
purl pkg:composer/automattic/jetpack@12.8.0-a.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8.0-a.3
1
url pkg:composer/automattic/jetpack@12.8-a.3
purl pkg:composer/automattic/jetpack@12.8-a.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@12.8-a.3
aliases CVE-2023-45050
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yxqk-uu9k-z7h1
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/automattic/jetpack@7.2-beta2