CVE-2022-50958

MEDIUM 6.1

WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

CVSS Score

6.1

EPSS Score

0.1%

EPSS Percentile

24th

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.

CWE	CWE-79
Vendor	jetpack
Product	jetpack
Published	May 10, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for jetpack jetpack

Be the first to know when new medium vulnerabilities affecting jetpack jetpack are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

None

Availability

None

Affected Versions

jetpack / Jetpack

9.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50735 wordpress.org: https://wordpress.org/plugins/jetpack vulncheck.com: https://www.vulncheck.com/advisories/wordpress-plugin-jetpack-cross-site-scripting-via-grunion-form-view-php

Credits

Milad karimi