Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-49828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution B...
Automattic Woopayments
5.3
CVSSv3
CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin prior to 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed ...
Automattic Jetpack
5.4
CVSSv3
CVE-2023-3746
The ActivityPub WordPress plugin prior to 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks
Automattic Activitypub
8.8
CVSSv3
CVE-2020-8215
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
Automattic Canvas
6.1
CVSSv3
CVE-2016-10705
The Jetpack plugin prior to 4.0.4 for WordPress has XSS via the Likes module.
Automattic Jetpack
9.8
CVSSv3
CVE-2023-35915
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported...
Automattic Woopayments
7.5
CVSSv3
CVE-2023-35916
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a up to and including 5.9.0.
Automattic Woopayments
NA
CVE-2011-4673
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Automattic Jetpack
1 EDB exploit
6.1
CVSSv3
CVE-2015-9357
The akismet plugin prior to 3.1.5 for WordPress has XSS.
Automattic Akismet
6.1
CVSSv3
CVE-2015-9359
The Jetpack plugin prior to 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Automattic Jetpack
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »