Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a up to and including 2.5.6.
Automattic Woocommerce Gocardless
383
VMScore
CVE-2007-3288
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer field.
Skeltoac Automattic Stats 1.0
801
VMScore
CVE-2021-24209
The WP Super Cache WordPress plugin prior to 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php fi...
Automattic Wp Super Cache
312
VMScore
CVE-2016-10763
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
Automattic Camptix Event Ticketing
605
VMScore
CVE-2013-2011
WordPress W3 Super Cache Plugin prior to 1.3.2 contains a PHP code-execution vulnerability which could allow remote malicious users to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Automattic W3 Super Cache
454
VMScore
CVE-2016-10762
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows CSV injection when the export tool is used.
Automattic Camptix Event Ticketing
578
VMScore
CVE-2021-24312
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin prior to 1.7.3 result in RCE because they allow input of '$' and '\n'. This is ...
Automattic Wp Super Cache
312
VMScore
CVE-2021-24329
The WP Super Cache WordPress plugin prior to 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Automattic Wp Super Cache
NA
CVE-2023-50879
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a up to and including 3.78784.
Automattic Wordpress.com Editing Toolkit
NA
CVE-2023-47789
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a up to and including 2.8.3.
Automattic Canada Post Shipping Method
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »