Vulnerabilities > Automattic

DATE CVE VULNERABILITY TITLE RISK
2021-07-26 CVE-2021-32789 SQL Injection vulnerability in Automattic Woocommerce Blocks
woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks.
network
low complexity
automattic CWE-89
5.0
2021-06-21 CVE-2021-24374 Exposure of Resource to Wrong Sphere vulnerability in Automattic Jetpack
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images.
network
low complexity
automattic CWE-668
5.0
2021-06-01 CVE-2021-24329 Cross-site Scripting vulnerability in Automattic WP Super Cache
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
network
automattic CWE-79
3.5
2021-06-01 CVE-2021-24312 Code Injection vulnerability in Automattic WP Super Cache
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'.
network
low complexity
automattic CWE-94
6.5
2021-04-05 CVE-2021-24209 Improper Input Validation vulnerability in Automattic WP Super Cache
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option.
network
low complexity
automattic CWE-20
critical
9.0
2020-07-20 CVE-2020-8215 Classic Buffer Overflow vulnerability in Automattic Canvas
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
6.8
2020-02-12 CVE-2013-2010 Injection vulnerability in multiple products
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
network
low complexity
automattic boldgrid CWE-74
7.5
2020-02-07 CVE-2013-2008 Cross-site Scripting vulnerability in Automattic WP Super Cache 1.3
WordPress Super Cache Plugin 1.3 has XSS.
network
automattic CWE-79
4.3
2020-02-07 CVE-2013-2009 Remote PHP Code Execution vulnerability in Automattic WP Super Cache 1.2
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
network
automattic
6.8
2019-12-26 CVE-2013-2011 Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code.
6.8