Lucene search

Jetpack Crm Security Vulnerabilities

cve

CVE-2022-3342

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon...

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-20 08:15 AM

cve

CVE-2022-3919

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8CVSS

4.8AI Score

0.001EPSS

2022-12-12 06:15 PM

cve

CVE-2022-4497

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-09 11:15 PM

cve

CVE-2023-27429

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

5.9CVSS

4.8AI Score

0.0005EPSS

2023-06-21 02:15 PM