Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-3706
The ActivityPub WordPress plugin prior to 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector
Automattic Activitypub
NA
CVE-2023-3707
The ActivityPub WordPress plugin prior to 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Pa...
Automattic Activitypub
NA
CVE-2023-3746
The ActivityPub WordPress plugin prior to 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks
Automattic Activitypub
383
VMScore
CVE-2015-9357
The akismet plugin prior to 3.1.5 for WordPress has XSS.
Automattic Akismet
383
VMScore
CVE-2015-9359
The Jetpack plugin prior to 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Automattic Jetpack
505
VMScore
CVE-2017-17058
The WooCommerce plugin up to and including 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possibl...
Automattic Woocommerce
1 EDB exploit
445
VMScore
CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin prior to 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed ...
Automattic Jetpack
NA
CVE-2014-125104
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unre...
Automattic Vaultpress
383
VMScore
CVE-2016-10705
The Jetpack plugin prior to 4.0.4 for WordPress has XSS via the Likes module.
Automattic Jetpack
383
VMScore
CVE-2016-10706
The Jetpack plugin prior to 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Automattic Jetpack
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »