Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a up to and including 3.8.1.
Automattic Woocommerce Square
NA
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a up to and including 5.1.2.
Automattic Woocommerce Subscriptions
NA
CVE-2022-2080
The Sensei LMS WordPress plugin prior to 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to ...
Automattic Sensei Lms
6
CVSSv2
CVE-2017-20086
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.
Automattic Vaultpress 1.8.4
NA
CVE-2022-3919
The Jetpack CRM WordPress plugin prior to 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Automattic Jetpack Crm
NA
CVE-2022-4497
The Jetpack CRM WordPress plugin prior to 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used agains...
Automattic Jetpack Crm
NA
CVE-2022-45069
Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.
Automattic Crowdsignal Dashboard
NA
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3...
Automattic Jetpack Crm
5
CVSSv2
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an...
Automattic Woocommerce Blocks
2 Github repositories
NA
CVE-2022-2386
The Crowdsignal Dashboard WordPress plugin prior to 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Automattic Crowdsignal Dashboard
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »