Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-8215
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
Automattic Canvas
5.4
CVSSv3
CVE-2023-49828
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution B...
Automattic Woopayments
7.5
CVSSv3
CVE-2017-17058
The WooCommerce plugin up to and including 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possibl...
Automattic Woocommerce
1 EDB exploit
7.5
CVSSv3
CVE-2023-35916
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a up to and including 5.9.0.
Automattic Woopayments
5.3
CVSSv3
CVE-2021-24374
The Jetpack Carousel module of the JetPack WordPress plugin prior to 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed ...
Automattic Jetpack
7.5
CVSSv3
CVE-2023-51503
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a up to and including 6.9.2.
Automattic Woopayments
6.1
CVSSv3
CVE-2015-9357
The akismet plugin prior to 3.1.5 for WordPress has XSS.
Automattic Akismet
6.1
CVSSv3
CVE-2015-9359
The Jetpack plugin prior to 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
Automattic Jetpack
8.8
CVSSv3
CVE-2017-18356
In the Automattic WooCommerce plugin prior to 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP obj...
Automattic Woocommerce
NA
CVE-2011-4673
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Automattic Jetpack
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »