WordPress · Jetpack · CVE-2023-54332
**Name of the Vulnerable Software and Affected Versions**
Jetpack version 11.4
**Description**
The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the `post id` parameter. By crafting malicious URLs with script payloads, an attacker can execute arbitrary JavaScript in a victim’s browser when they interact with the contact form page.
**Recommendations**
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the contact form module.