Filtered by vendor Automattic
Subscriptions
Total
59 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10706 | 1 Automattic | 1 Jetpack | 2024-09-17 | N/A |
| The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | ||||
| CVE-2022-45069 | 1 Automattic | 1 Crowdsignal Dashboard | 2024-09-17 | 6.3 Medium |
| Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | ||||
| CVE-2016-10705 | 1 Automattic | 1 Jetpack | 2024-09-17 | N/A |
| The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | ||||
| CVE-2022-3342 | 1 Automattic | 1 Jetpack Crm | 2024-09-16 | 7.5 High |
| The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | ||||
| CVE-2024-7786 | 1 Automattic | 1 Sensei Lms | 2024-09-04 | 7.5 High |
| The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. | ||||
| CVE-2024-43949 | 1 Automattic | 2 Ghacitivity, Ghactivity | 2024-09-03 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha. | ||||
| CVE-2024-35686 | 1 Automattic | 2 Sensei Lms, Sensei Pro | 2024-09-03 | 5.3 Medium |
| Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro (WC Paid Courses).This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro (WC Paid Courses): from n/a through 4.23.1.1.23.1. | ||||
| CVE-2023-51503 | 1 Automattic | 1 Woopayments | 2024-08-26 | 5.9 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | ||||
| CVE-2023-51502 | 1 Automattic | 1 Woocommerce Stripe | 2024-08-26 | 7.5 High |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | ||||
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2024-08-07 | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-2010 | 2 Automattic, Boldgrid | 2 Wp Super Cache, W3 Total Cache | 2024-08-06 | 9.8 Critical |
| WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | ||||
| CVE-2013-2009 | 1 Automattic | 1 Wp Super Cache | 2024-08-06 | 8.8 High |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | ||||
| CVE-2013-2008 | 1 Automattic | 1 Wp Super Cache | 2024-08-06 | 6.1 Medium |
| WordPress Super Cache Plugin 1.3 has XSS. | ||||
| CVE-2013-2011 | 1 Automattic | 1 W3 Super Cache | 2024-08-06 | 8.8 High |
| WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009. | ||||
| CVE-2014-125104 | 1 Automattic | 1 Vaultpress | 2024-08-06 | 6.3 Medium |
| A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263. | ||||
| CVE-2014-0173 | 1 Automattic | 1 Jetpack | 2024-08-06 | N/A |
| The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-9357 | 1 Automattic | 1 Akismet | 2024-08-06 | N/A |
| The akismet plugin before 3.1.5 for WordPress has XSS. | ||||
| CVE-2015-9359 | 1 Automattic | 1 Jetpack | 2024-08-06 | N/A |
| The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | ||||
| CVE-2015-3429 | 3 Automattic, Debian, Wordpress | 3 Genericons, Debian Linux, Wordpress | 2024-08-06 | N/A |
| Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | ||||
| CVE-2016-10762 | 1 Automattic | 1 Camptix Event Ticketing | 2024-08-06 | N/A |
| The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | ||||