Jetpack – WP Security, Backup, Speed, & Growth

3.8/5
3 000 000+ installations

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

Known vulnerabilities: 25
Critical / high: 9
Latest vulnerability: 2025-05-15
Active installations: 3 000 000+

About Jetpack – WP Security, Backup, Speed, & Growth

What is Jetpack?

Jetpack is a popular WordPress plugin that offers a broad set of features for security, backup, performance and growth. With more than 3 million active installations, it is used by many websites to improve security with tools such as a firewall (WAF), malware scanning and automatic backups. The plugin also includes free features such as statistics, a CDN and social media sharing.

Security profile and risks

Jetpack has 25 known vulnerabilities, of which 2 are classified as critical, 7 as high and 16 as medium risk. The most recent known vulnerability was reported as recently as May 2025, which shows that even well-maintained plugins can be affected by security issues.

Despite this relatively high number of vulnerabilities, it is important to put it in perspective: Jetpack is an extensive plugin with many features, and its developers at Automattic (WordPress.com) are generally quick to fix security issues.

Our recommendations

  • Always keep Jetpack updated to the latest version
  • Enable only the features you actually need
  • Consider using separate, specialised plugins for critical functions such as backup
  • Regular updates are the best protection against known vulnerabilities

All known vulnerabilities

Medium CVE-2024-10076

Affected versions: < 13.8

The Jetpack WordPress plugin before 13.8, Jetpack Boost WordPress plugin before 3.4.8 use regexes in the Site Accelerator features when switching image URLs to their CDN counterpart. Unfortunately, some of them may match patterns it shouldn’t, ulti...

Medium CVE-2024-10075

Affected versions: < 13.8

The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.

Medium CVE-2023-7168

Affected versions: <= 8.0

The Better Follow Button for Jetpack WordPress plugin through 8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html cap...

Medium CVE-2024-10858

Affected versions: < 14.1

The Jetpack WordPress plugin before 14.1 does not properly check the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com.

Medium CVE-2024-9926

Affected versions: < 13.1.4

The Jetpack WordPress plugin does not have proper authorisation in one of its REST endpoints, allowing any authenticated user, such as a subscriber, to read arbitrary feedback data sent via the Jetpack Contact Form.

Medium CVE-2024-4392

Affected versions: < 13.4

The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpvideo shortcode in all versions up to, and including, 13.3.1 due to insufficient input sanitization and output esc...

Medium CVE-2024-3941

Affected versions: <= 0.2.2

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.

High CVE-2024-3940

Affected versions: <= 0.2.2

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

High CVE-2022-3342

Affected versions: <= 5.3.1

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps...

High CVE-2023-2996

Affected versions: < 12.1.1

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deseri...

Medium CVE-2022-4497

Affected versions: < 5.5.0

The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

Medium CVE-2022-3919

Affected versions: < 5.4.3

The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Medium CVE-2021-25037

Affected versions: < 4.1.5.3

The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affect...

High CVE-2021-25036

Affected versions: < 4.1.5.3

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t hav...

Medium CVE-2021-24374

Affected versions: < 9.8

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg...

Medium CVE-2021-24231

Affected versions: < 1.7.0

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link.

High CVE-2021-24230

Affected versions: < 1.7.0

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If...

Critical CVE-2021-24229

Affected versions: < 1.7.2

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscriber...

Critical CVE-2021-24228

Affected versions: < 1.7.2

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site us...

High CVE-2021-24227

Affected versions: < 1.7.0

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-co...

Medium CVE-2015-9359

Affected versions: < 3.4.3

The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().

Medium CVE-2016-10706

Affected versions: < 4.0.3

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

Medium CVE-2016-10705

Affected versions: <= 4.0.3

The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.

Medium CVE-2014-0173

Affected versions: all

The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for...

High CVE-2011-4673

Affected versions: all

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

How to protect your site

Plugin vulnerabilities are the most common attack surface for WordPress sites. The best protection is to be proactive; here are three concrete steps.

Keep the plugin updated

Most vulnerabilities in Jetpack – WP Security, Backup, Speed, & Growth are fixed quickly by the developers. Always update to the latest version.

Remove unused plugins

Every plugin is a potential attack surface. Uninstall anything you do not actively use.

Monitor automatically

With continuous monitoring you discover problems before they become serious.

Want to avoid keeping track yourself? With a support agreement from Sitesupport, we handle updates and security for you.

Frequently asked questions about Jetpack – WP Security, Backup, Speed, & Growth

Jetpack – WP Security, Backup, Speed, & Growth has 25 known vulnerabilities, of which 9 are of high or critical severity. That does not necessarily mean the plugin is insecure: most vulnerabilities are fixed in new versions. The most important thing is to always run the latest version.

The easiest way is to run a free test of your website at sitesupport.co. The test checks which plugins you use and which versions are installed, and compares that against known vulnerabilities.

Update to the latest version as soon as possible. If there is no update that fixes the problem, you should consider temporarily deactivating the plugin, especially if the vulnerability has critical or high severity.

Jetpack – WP Security, Backup, Speed, & Growth has over 3 000 000 active installations on WordPress.org and a rating of 3.8 out of 5. Popular plugins generally have better security practices thanks to a larger community and more eyes on the code.
