Vulmon
automattic vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-51502
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a up to and including 7.6.1.
Automattic Woocommerce Stripe
9.8
CVSSv3
CVE-2023-35915
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported...
Automattic Woopayments
9.8
CVSSv3
CVE-2023-3696
Prototype Pollution in GitHub repository automattic/mongoose before 7.3.4.
Mongoosejs Mongoose
9.8
CVSSv3
CVE-2014-125104
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unre...
Automattic Vaultpress
9.8
CVSSv3
CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated malicious user to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated malicious user to gain admin access on a site that h...
Automattic Woocommerce Payments
Automattic Woopayments
Automattic Woopayments 4.9.0
Automattic Woopayments 5.3.0
Automattic Woopayments 5.4.0
4 Github repositories
9.8
CVSSv3
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose before 6.4.6.
Mongoosejs Mongoose
9.8
CVSSv3
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
Automattic Wp Super Cache
Boldgrid W3 Total Cache
1 EDB exploit
9.1
CVSSv3
CVE-2019-17426
Automattic Mongoose up to and including 5.7.4 allows malicious users to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter...
Mongoosejs Mongoose
8.8
CVSSv3
CVE-2023-52222
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a up to and including 8.2.2.
Woocommerce Woocommerce
8.8
CVSSv3
CVE-2023-47787
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a up to and including 2.0.3.
Automattic Woocommerce Bookings