Vulnerabilities > Automattic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2023-50875 | Cross-site Scripting vulnerability in Automattic Sensei LMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 5.4 |
| 2024-02-10 | CVE-2023-51488 | Cross-site Scripting vulnerability in Automattic Crowdsignal Dashboard Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. | 6.1 |
| 2024-01-05 | CVE-2023-51502 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | 9.8 |
| 2023-12-31 | CVE-2023-51503 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | 7.5 |
| 2023-12-29 | CVE-2023-50879 | Cross-site Scripting vulnerability in Automattic Wordpress.Com Editing Toolkit Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | 5.4 |
| 2023-12-21 | CVE-2023-32747 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Bookings 1.15.78 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | 7.5 |
| 2023-12-20 | CVE-2023-35914 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Subscriptions Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | 7.5 |
| 2023-12-20 | CVE-2023-35915 | SQL Injection vulnerability in Automattic Woopayments Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 9.8 |
| 2023-12-20 | CVE-2023-35916 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 7.5 |
| 2023-12-20 | CVE-2023-35876 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Square Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | 8.1 |