Automattic - Jetpack Crm CVE

Filtered by vendor Automattic Subscribe

Filtered by product Jetpack Crm

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-27429	1 Automattic	1 Jetpack Crm	2024-02-04	N/A	4.8 MEDIUM
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.
CVE-2022-3919	1 Automattic	1 Jetpack Crm	2024-02-04	N/A	4.8 MEDIUM
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Vulnerabilities (CVE)