Vulnerabilities > Automattic
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2021-07-26 | CVE-2021-32789 | SQL Injection vulnerability in Automattic Woocommerce Blocks | woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. | 5.0 |
| 2021-06-21 | CVE-2021-24374 | Exposure of Resource to Wrong Sphere vulnerability in Automattic Jetpack | The Jetpack Carousel module of the Jetpack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. | 5.0 |
| 2021-06-01 | CVE-2021-24329 | Cross-site Scripting vulnerability in Automattic WP Super Cache | The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. | 3.5 |
| 2021-06-01 | CVE-2021-24312 | Code Injection vulnerability in Automattic WP Super Cache | The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. | 6.5 |
| 2021-04-05 | CVE-2021-24209 | Improper Input Validation vulnerability in Automattic WP Super Cache | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. | 9.0 |
| 2020-07-20 | CVE-2020-8215 | Classic Buffer Overflow vulnerability in Automattic Canvas | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | 6.8 |
| 2020-02-12 | CVE-2013-2010 | Injection vulnerability in multiple products | WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability. | 7.5 |
| 2020-02-07 | CVE-2013-2008 | Cross-site Scripting vulnerability in Automattic WP Super Cache 1.3 | WordPress Super Cache Plugin 1.3 has XSS. | 4.3 |
| 2020-02-07 | CVE-2013-2009 | Remote PHP Code Execution vulnerability in Automattic WP Super Cache 1.2 | WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution. | 6.8 |
| 2019-12-26 | CVE-2013-2011 | Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache | WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. | 6.8 |