Vulnerabilities > Automattic > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-05 | CVE-2023-51502 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | 9.8 |
| 2023-12-20 | CVE-2023-35915 | SQL Injection vulnerability in Automattic Woopayments Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 9.8 |
| 2023-06-01 | CVE-2014-125104 | Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Vaultpress A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. | 9.8 |
| 2023-04-12 | CVE-2023-28121 | Improper Authentication vulnerability in Automattic Woocommerce Payments and Woopayments An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. | 9.8 |
| 2020-02-12 | CVE-2013-2010 | Injection vulnerability in multiple products WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | 9.8 |