CVE-2022-3342
- EPSS 1.9%
- Published 20.10.2023 08:15:11
- Last modified 21.11.2024 07:19:20
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps...
CVE-2023-27429
- EPSS 0.06%
- Published 21.06.2023 14:15:09
- Last modified 21.11.2024 07:52:53
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
CVE-2022-4497
- EPSS 0.19%
- Published 09.01.2023 23:15:28
- Last modified 09.04.2025 20:15:24
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-3919
- EPSS 0.11%
- Published 12.12.2022 18:15:11
- Last modified 22.04.2025 15:16:01
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.