Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
automattic vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2016-10705
The Jetpack plugin prior to 4.0.4 for WordPress has XSS via the Likes module.
Automattic Jetpack
383
VMScore
CVE-2016-10706
The Jetpack plugin prior to 4.0.3 for WordPress has XSS via a crafted Vimeo link.
Automattic Jetpack
NA
CVE-2023-51503
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a up to and including 6.9.2.
Automattic Woopayments
NA
CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a up to and including 3.8.1.
Automattic Woocommerce Square
NA
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a up to and including 5.1.2.
Automattic Woocommerce Subscriptions
NA
CVE-2022-3342
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3...
Automattic Jetpack Crm
NA
CVE-2022-2080
The Sensei LMS WordPress plugin prior to 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to ...
Automattic Sensei Lms
446
VMScore
CVE-2021-32789
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an...
Automattic Woocommerce Blocks
2 Github repositories
NA
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a up to and including 1.15.78.
Automattic Woocommerce Bookings
NA
CVE-2022-2034
The Sensei LMS WordPress plugin prior to 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers
Automattic Sensei Lms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »