Vulmon
automattic vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3...
Automattic Jetpack Crm
NA
CVE-2007-3288
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer field.
Skeltoac Automattic Stats 1.0
5.4
CVSSv3
CVE-2023-50879
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a up to and including 3.78784.
Automattic Wordpress.com Editing Toolkit
5.4
CVSSv3
CVE-2021-24329
The WP Super Cache WordPress plugin prior to 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Automattic Wp Super Cache
7.5
CVSSv3
CVE-2016-10762
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows CSV injection when the export tool is used.
Automattic Camptix Event Ticketing
7.2
CVSSv3
CVE-2021-24312
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin prior to 1.7.3 result in RCE because they allow input of '$' and '\n'. This is ...
Automattic Wp Super Cache
4.8
CVSSv3
CVE-2016-10763
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
Automattic Camptix Event Ticketing
8.8
CVSSv3
CVE-2013-2011
WordPress W3 Super Cache Plugin prior to 1.3.2 contains a PHP code-execution vulnerability which could allow remote malicious users to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Automattic W3 Super Cache
7.2
CVSSv3
CVE-2021-24209
The WP Super Cache WordPress plugin prior to 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php fi...
Automattic Wp Super Cache
8.8
CVSSv3
CVE-2023-47789
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a up to and including 2.8.3.
Automattic Canada Post Shipping Method