Vulnerabilities > Automattic
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-28 | CVE-2015-9359 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
2019-08-28 | CVE-2015-9357 | Cross-site Scripting vulnerability in Automattic Akismet The akismet plugin before 3.1.5 for WordPress has XSS. | 4.3 |
2019-07-18 | CVE-2016-10763 | Cross-site Scripting vulnerability in Automattic Camptix Event Ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | 3.5 |
2019-07-18 | CVE-2016-10762 | Command Injection vulnerability in Automattic Camptix Event Ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | 5.1 |
2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Automattic Woocommerce In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | 6.5 |
2018-01-12 | CVE-2016-10706 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | 4.3 |
2018-01-12 | CVE-2016-10705 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | 4.3 |
2017-11-29 | CVE-2017-17058 | Path Traversal vulnerability in Automattic Woocommerce The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. | 7.5 |
2015-06-17 | CVE-2015-3429 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier. | 4.3 |
2014-04-22 | CVE-2014-0173 | Permissions, Privileges, and Access Controls vulnerability in Automattic Jetpack The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. | 5.8 |