at path:
ROOT
/
wp-content
/
plugins
/
jetpack
/
SECURITY.md
run:
R
W
Run
3rd-party
DIR
2026-02-04 13:02:08
R
W
Run
_inc
DIR
2026-02-04 13:02:08
R
W
Run
css
DIR
2026-02-04 13:02:08
R
W
Run
extensions
DIR
2026-02-04 13:02:08
R
W
Run
images
DIR
2026-02-04 13:02:08
R
W
Run
jetpack_vendor
DIR
2026-02-04 13:02:08
R
W
Run
json-endpoints
DIR
2026-02-04 13:02:08
R
W
Run
modules
DIR
2026-02-04 13:02:08
R
W
Run
sal
DIR
2026-02-04 13:02:08
R
W
Run
src
DIR
2026-02-04 13:02:08
R
W
Run
vendor
DIR
2026-02-04 13:02:08
R
W
Run
views
DIR
2026-02-04 13:02:08
R
W
Run
CHANGELOG.md
753.33 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
LICENSE.txt
18.2 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
SECURITY.md
2.45 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-connection-status.php
728 By
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-gallery-settings.php
3.47 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-newsletter-dashboard-widget.php
436 By
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-pre-connection-jitms.php
2.34 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-stats-dashboard-widget.php
7.47 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class-jetpack-xmlrpc-methods.php
7.38 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.frame-nonce-preview.php
3.22 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-admin.php
18.28 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-autoupdate.php
9.93 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-cli.php
74.32 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-client-server.php
2.62 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-gutenberg.php
46.14 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-heartbeat.php
4.55 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-modules-list-table.php
14.81 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-network-sites-list-table.php
6.03 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-network.php
21.08 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-plan.php
4.09 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-post-images.php
36.5 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-twitter-cards.php
12.95 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack-user-agent.php
25.3 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.jetpack.php
203.5 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.json-api-endpoints.php
91.36 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.json-api.php
38.3 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
class.photon.php
1.74 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
composer.json
4.2 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
enhanced-open-graph.php
4.68 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.compat.php
4.31 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.cookies.php
2.04 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.global.php
13.91 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.is-mobile.php
2.47 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.opengraph.php
30.82 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
functions.photon.php
3.04 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
jetpack.php
8.92 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
json-api-config.php
338 By
2026-02-04 13:02:08
R
W
Run
Delete
Rename
json-endpoints.php
6.92 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
load-jetpack.php
3.5 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
locales.php
371 By
2026-02-04 13:02:08
R
W
Run
Delete
Rename
readme.txt
32.9 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
unauth-file-upload.php
5.85 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
uninstall.php
1.65 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
wpml-config.xml
1.26 KB
2026-02-04 13:02:08
R
W
Run
Delete
Rename
error_log
up
📄
SECURITY.md
Save
# Security Policy Full details of the Automattic Security Policy can be found on [automattic.com](https://automattic.com/security/). ## Supported Versions Generally, only the latest version of Jetpack and its associated plugins have continued support. If a critical vulnerability is found in the current version of a plugin, we may opt to backport any patches to previous versions. ## Reporting a Vulnerability Our HackerOne program covers the below plugin software, as well as a variety of related projects and infrastructure: * [Jetpack](https://jetpack.com/) * Jetpack Backup * Jetpack Boost * Jetpack CRM * Jetpack Protect * Jetpack Search * Jetpack Social * Jetpack VideoPress **For responsible disclosure of security issues and to be eligible for our bug bounty program, please submit your report via the [HackerOne](https://hackerone.com/automattic) portal.** Our most critical targets are: * Jetpack and the Jetpack composer packages (all within this repo) * Jetpack.com -- the primary marketing site. * cloud.jetpack.com -- a management site. * wordpress.com -- the shared management site for both Jetpack and WordPress.com sites. For more targets, see the `In Scope` section on [HackerOne](https://hackerone.com/automattic). _Please note that the **WordPress software is a separate entity** from Automattic. Please report vulnerabilities for WordPress through [the WordPress Foundation's HackerOne page](https://hackerone.com/wordpress)._ ## Guidelines We're committed to working with security researchers to resolve the vulnerabilities they discover. You can help us by following these guidelines: * Follow [HackerOne's disclosure guidelines](https://www.hackerone.com/disclosure-guidelines). * Pen-testing Production: * Please **setup a local environment** instead whenever possible. Most of our code is open source (see above). * If that's not possible, **limit any data access/modification** to the bare minimum necessary to reproduce a PoC. * **_Don't_ automate form submissions!** That's very annoying for us, because it adds extra work for the volunteers who manage those systems, and reduces the signal/noise ratio in our communication channels. * To be eligible for a bounty, all of these guidelines must be followed. * Be Patient - Give us a reasonable time to correct the issue before you disclose the vulnerability. We also expect you to comply with all applicable laws. You're responsible to pay any taxes associated with your bounties.