CVE-2022-50958

MEDIUM NVD

CVSS Score 6.1

Severity MEDIUM

Published May 10, 2026

Vendor unknown

Description

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.

References

https://wordpress.org/plugins/jetpack
https://www.exploit-db.com/exploits/50735
https://www.vulncheck.com/advisories/wordpress-plugin-jetpack-cross-site-scripting-via-grunion-form-view-php