CVE-2023-2996

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

We have discovered 39,879 live websites that are affected by CVE-2023-2996.

Run a Free Instant Scan

Affected Software

Product	Jetpack
Category	Widgets
Vulnerable Domains	39,879 live websites (4.79% of Jetpack install base)
Vulnerable Versions	from 1.9 through 2.0.9 from 2.1 through 2.1.7 from 2.2 through 2.2.10 from 2.3 through 2.3.10 from 2.4 through 2.4.7 from 2.5 through 2.5.5 from 2.6 through 2.6.6 from 2.7 through 2.7.5 from 2.8 through 2.8.5 from 2.9 through 2.9.6 from 3 through 3.0.6 from 3.1 through 3.1.5 from 3.2 through 3.2.5 from 3.3 through 3.3.6 from 3.4 through 3.4.6 from 3.5 through 3.5.6 from 3.6 through 3.6.4 from 3.7 through 3.7.5 from 3.8 through 3.8.5 from 3.9 through 3.9.9 from 4 through 4.0.6 from 4.1 through 4.1.3 from 4.2 through 4.2.4 from 4.3 through 4.3.4 from 4.4 through 4.4.4 from 4.5 through 4.5.2 from 4.6 through 4.6.2 from 4.7 through 4.7.3 from 4.8 through 4.8.4 from 4.9 through 4.9.2 from 5 through 5.0.2 from 5.1 through 5.1.3 from 5.2 through 5.2.4 from 5.3 through 5.3.3 from 5.4 through 5.4.3 from 5.5 through 5.5.4 from 5.6 through 5.6.4 from 5.7 through 5.7.4 from 5.8 through 5.8.3 from 5.9 through 5.9.3 from 6 through 6.0.3 from 6.1 through 6.1.4 from 6.2 through 6.2.4 from 6.3 through 6.3.6 from 6.4 through 6.4.5 from 6.5 through 6.5.3 from 6.6 through 6.6.4 from 6.7 through 6.7.3 from 6.8 through 6.8.4 from 6.9 through 6.9.3 from 7 through 7.0.4 from 7.1 through 7.1.4 from 7.2 through 7.2.4 from 7.3 through 7.3.4 from 7.4 through 7.4.4 from 7.5 through 7.5.6 from 7.6 through 7.6.3 from 7.7 through 7.7.5 from 7.8 through 7.8.3 from 7.9 through 7.9.3 from 8 through 8.0.2 from 8.1 through 8.1.3 from 8.2 through 8.2.5 from 8.3 through 8.3.2 from 8.4 through 8.4.4 from 8.5 through 8.5.2 from 8.6 through 8.6.3 from 8.7 through 8.7.3 from 8.8 through 8.8.4 from 8.9 through 8.9.3 from 9 through 9.0.4 from 9.1 through 9.1.2 from 9.2 through 9.2.3 from 9.3 through 9.3.4 from 9.4 through 9.4.3 from 9.5 through 9.5.4 from 9.6 through 9.6.3 from 9.7 through 9.7.2 from 9.8 through 9.8.2 from 9.9 through 9.9.2 from 10 through 10.0.1 from 10.1 through 10.1.1 from 10.2 through 10.2.2 from 10.3 through 10.3.1 from 10.4 through 10.4.1 from 10.5 through 10.5.2 from 10.6 through 10.6.2 from 10.7 through 10.7.1 from 10.8 through 10.8.1 from 10.9 through 10.9.2 from 11 through 11.0.1 from 11.1 through 11.1.3 from 11.2 through 11.2.1 from 11.3 through 11.3.3 from 11.4 through 11.4.1 from 11.5 through 11.5.2 from 11.6 through 11.6.1 from 11.7 through 11.7.2 from 11.8 through 11.8.5 from 11.9 through 11.9.2 from 12 through 12.0.1 from 12.1 through 12.1.1
Vulnerable Versions Count	290 versions ( 52% of all versions)