automattic vulnerabilities and exploits
NA
CVE-2023-35915
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported...
Automattic Woopayments
4.3
CVSSv2
CVE-2016-10705
The Jetpack plugin prior to 4.0.4 for WordPress has XSS via the Likes module.
Automattic Jetpack
4.3
CVSSv2
CVE-2016-10706
The Jetpack plugin prior to 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Automattic Jetpack
6
CVSSv2
CVE-2017-20086
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
Automattic Vaultpress 1.8.4
NA
CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a up to and including 3.8.1.
Automattic Woocommerce Square
NA
CVE-2023-50875
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: f...
Automattic Sensei Lms
5
CVSSv2
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an...
Automattic Woocommerce Blocks
2 Github repositories
NA
CVE-2022-2034
The Sensei LMS WordPress plugin prior to 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers.
Automattic Sensei Lms
NA
CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a up to and including 2.5.6.
Automattic Woocommerce Gocardless
NA
CVE-2022-4497
The Jetpack CRM WordPress plugin prior to 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...
Automattic Jetpack Crm