Vulnerabilities > Automattic

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-35914 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Subscriptions
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2.
network
low complexity
automattic CWE-639
7.5
2023-12-20 CVE-2023-35915 SQL Injection vulnerability in Automattic Woopayments
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
network
low complexity
automattic CWE-89
critical
9.8
2023-12-20 CVE-2023-35916 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
network
low complexity
automattic CWE-639
7.5
2023-12-20 CVE-2023-35876 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Square
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1.
network
low complexity
automattic CWE-639
8.1
2023-12-20 CVE-2023-37871 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Gocardless
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6.
network
low complexity
automattic CWE-639
7.5
2023-12-18 CVE-2023-47787 Cross-Site Request Forgery (CSRF) vulnerability in Automattic Woocommerce Bookings 1.15.78
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3.
network
low complexity
automattic CWE-352
8.8
2023-12-18 CVE-2023-47789 Cross-Site Request Forgery (CSRF) vulnerability in Automattic Canada Post Shipping Method
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3.
network
low complexity
automattic CWE-352
8.8
2023-12-14 CVE-2023-49828 Cross-site Scripting vulnerability in Automattic Woopayments
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.
network
low complexity
automattic CWE-79
5.4
2023-11-30 CVE-2023-45050 Cross-site Scripting vulnerability in Automattic Jetpack
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
network
low complexity
automattic CWE-79
5.4
2023-11-30 CVE-2023-47777 Cross-site Scripting vulnerability in Automattic Woocommerce and Woocommerce Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.
network
low complexity
automattic CWE-79
5.4