Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2017-17058
The WooCommerce plugin up to and including 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possibl...
Automattic Woocommerce
1 EDB exploit
6.8
CVSSv2
CVE-2020-8215
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
Automattic Canvas
6.5
CVSSv2
CVE-2017-18356
In the Automattic WooCommerce plugin prior to 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP obj...
Automattic Woocommerce
NA
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a up to and including 1.15.78.
Automattic Woocommerce Bookings
NA
CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a up to and including 3.8.1.
Automattic Woocommerce Square
NA
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a up to and including 5.1.2.
Automattic Woocommerce Subscriptions
NA
CVE-2023-51488
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more...
Automattic Crowdsignal Dashboard
NA
CVE-2023-51502
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a up to and including 7.6.1.
Automattic Woocommerce Stripe
NA
CVE-2022-2080
The Sensei LMS WordPress plugin prior to 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to ...
Automattic Sensei Lms
NA
CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a up to and including 2.5.6.
Automattic Woocommerce Gocardless
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »