Medium severity5.9NVD Advisory· Published May 15, 2025· Updated Jun 17, 2026
CVE-2024-10076
CVE-2024-10076
Description
The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ultimately making it possible for contributor and above users to perform Stored XSS attacks
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.4.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/15f278f6-0418-4c83-b925-b1a2d8c53e2f/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.