CVE-2023-54332 MEDIUM

CVE-2023-54332: Jetpack 11.4 - Cross Site Scripting (XSS)

Vendor Automattic
Product Jetpack
Weakness CWE-79 · XSS
Published January 13, 2026
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Active
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

Description

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the post_id parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact with the contact form page.

Key dates

Disclosure timeline

January 13, 2026 CVE published
May 24, 2026 Record updated