Vulnerabilities > Automattic

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7786 Unspecified vulnerability in Automattic Sensei LMS
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.
network
low complexity
automattic
5.3
2024-08-29 CVE-2024-43949 Cross-site Scripting vulnerability in Automattic Ghacitivity and Ghactivity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS. This issue affects GHActivity: from n/a through 2.0.0-alpha.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37474 Cross-site Scripting vulnerability in Automattic Newspack ADS
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue affects Newspack Ads: from n/a through 1.47.1.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37476 Cross-site Scripting vulnerability in Automattic Newspack Popups 1.47.2
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1.
network
low complexity
automattic CWE-79
5.4
2024-02-12 CVE-2023-50875 Cross-site Scripting vulnerability in Automattic Sensei LMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.
network
low complexity
automattic CWE-79
5.4
2024-02-10 CVE-2023-51488 Cross-site Scripting vulnerability in Automattic Crowdsignal Dashboard
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc.
network
low complexity
automattic CWE-79
6.1
2024-01-05 CVE-2023-51502 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
network
low complexity
automattic CWE-639
critical
9.8
2023-12-31 CVE-2023-51503 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
network
low complexity
automattic CWE-639
7.5
2023-12-29 CVE-2023-50879 Cross-site Scripting vulnerability in Automattic Wordpress.Com Editing Toolkit
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.
network
low complexity
automattic CWE-79
5.4
2023-12-21 CVE-2023-32747 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Bookings 1.15.78
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78.
network
low complexity
automattic CWE-639
7.5