automattic vulnerabilities and exploits
NA
CVE-2022-2080
The Sensei LMS WordPress plugin prior to 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to ...
Automattic Sensei Lms
801
VMScore
CVE-2021-24209
The WP Super Cache WordPress plugin prior to 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php fi...
Automattic Wp Super Cache
NA
CVE-2023-50879
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a up to and including 3.78784.
Automattic Wordpress.com Editing Toolkit
578
VMScore
CVE-2021-24312
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin prior to 1.7.3 result in RCE because they allow input of '$' and '\n'. This is ...
Automattic Wp Super Cache
312
VMScore
CVE-2021-24329
The WP Super Cache WordPress plugin prior to 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
Automattic Wp Super Cache
383
VMScore
CVE-2007-3288
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote malicious users to inject arbitrary web script or HTML via the HTTP Referer field.
Skeltoac Automattic Stats 1.0
605
VMScore
CVE-2013-2011
WordPress W3 Super Cache Plugin prior to 1.3.2 contains a PHP code-execution vulnerability which could allow remote malicious users to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
Automattic W3 Super Cache
454
VMScore
CVE-2016-10762
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows CSV injection when the export tool is used.
Automattic Camptix Event Ticketing
312
VMScore
CVE-2016-10763
The CampTix Event Ticketing plugin prior to 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
Automattic Camptix Event Ticketing
NA
CVE-2023-47789
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a up to and including 2.8.3.
Automattic Canada Post Shipping Method