CVE-2023-54332

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.1%
top 84.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Jetpack
Timeline
PublishedJan 13
Latest updateJan 14

Description

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

CVEListV5automattic/jetpack11.4

🔴Vulnerability Details

2
GHSA
GHSA-5cjw-xj4m-w5m4: Jetpack 112026-01-14
CVEList
Jetpack 11.4 - Cross Site Scripting (XSS)2026-01-13
CVE-2023-54332 (MEDIUM CVSS 5.1) | Jetpack 11.4 contains a cross-site | cvebase.io