CVE-2026-22356
- EPSS 0.12%
- Veröffentlicht 20.02.2026 15:47:01
- Zuletzt bearbeitet 24.02.2026 21:16:26
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.
CVE-2022-3342
- EPSS 1.62%
- Veröffentlicht 20.10.2023 08:15:11
- Zuletzt bearbeitet 21.11.2024 07:19:20
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps...
CVE-2023-27429
- EPSS 0.08%
- Veröffentlicht 21.06.2023 14:15:09
- Zuletzt bearbeitet 21.11.2024 07:52:53
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
CVE-2022-4497
- EPSS 0.25%
- Veröffentlicht 09.01.2023 23:15:28
- Zuletzt bearbeitet 09.04.2025 20:15:24
The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-3919
- EPSS 0.21%
- Veröffentlicht 12.12.2022 18:15:11
- Zuletzt bearbeitet 22.04.2025 15:16:01
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.