Vulnerabilities > Automattic

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7786 Unspecified vulnerability in Automattic Sensei LMS
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
network
low complexity
automattic
5.3
2024-08-29 CVE-2024-43949 Cross-site Scripting vulnerability in Automattic Ghacitivity and Ghactivity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37474 Cross-site Scripting vulnerability in Automattic Newspack ADS
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37476 Cross-site Scripting vulnerability in Automattic Newspack Popups 1.47.2
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1.
network
low complexity
automattic CWE-79
5.4
2024-02-12 CVE-2023-50875 Cross-site Scripting vulnerability in Automattic Sensei LMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.
network
low complexity
automattic CWE-79
5.4
2024-02-10 CVE-2023-51488 Cross-site Scripting vulnerability in Automattic Crowdsignal Dashboard
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc.
network
low complexity
automattic CWE-79
6.1
2024-01-05 CVE-2023-51502 Unspecified vulnerability in Automattic Woocommerce Stripe 7.6.1
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
network
low complexity
automattic
critical
9.8
2023-12-31 CVE-2023-51503 Unspecified vulnerability in Automattic Woopayments
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
network
low complexity
automattic
7.5
2023-12-29 CVE-2023-50879 Unspecified vulnerability in Automattic Wordpress.Com Editing Toolkit
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.
network
low complexity
automattic
5.4
2023-12-21 CVE-2023-32747 Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.
network
low complexity
automattic
7.5