Behrouz Mansoori

**Name of the Vulnerable Software and Affected Versions** Jetpack version 11.4 **Description** The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the `post id` parameter. By crafting malicious URLs with script payloads, an attacker can execute arbitrary JavaScript in a victim’s browser when they interact with the contact form page. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the contact form module.