CVE-2016-10705 — Cross-site Scripting in Jetpack

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 56.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 12

Latest updateMay 14

Description

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

GHSA

GHSA-m9j7-38jf-7998: The Jetpack plugin before 4↗2022-05-14

▶

CVEList

CVE-2016-10705: The Jetpack plugin before 4↗2018-01-12

▶