Vulnerabilities > Automattic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-20 | CVE-2023-35914 | Unspecified vulnerability in Automattic Woocommerce Subscriptions Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | 7.5 |
2023-12-20 | CVE-2023-35915 | Unspecified vulnerability in Automattic Woopayments Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 9.8 |
2023-12-20 | CVE-2023-35916 | Unspecified vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 7.5 |
2023-12-20 | CVE-2023-35876 | Unspecified vulnerability in Automattic Woocommerce Square Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | 8.1 |
2023-12-20 | CVE-2023-37871 | Unspecified vulnerability in Automattic Woocommerce Gocardless Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | 7.5 |
2023-12-18 | CVE-2023-47787 | Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3. | 8.8 |
2023-12-18 | CVE-2023-47789 | Unspecified vulnerability in Automattic Canada Post Shipping Method Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | 8.8 |
2023-12-14 | CVE-2023-49828 | Cross-site Scripting vulnerability in Automattic Woopayments Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2. | 5.4 |
2023-11-30 | CVE-2023-45050 | Unspecified vulnerability in Automattic Jetpack Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | 5.4 |
2023-11-30 | CVE-2023-47777 | Unspecified vulnerability in Automattic Woocommerce and Woocommerce Blocks Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | 5.4 |