Vulnerabilities > Automattic > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-01-05 CVE-2023-51502 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
network
low complexity
automattic CWE-639
critical
9.8
2023-12-20 CVE-2023-35915 SQL Injection vulnerability in Automattic Woopayments
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
network
low complexity
automattic CWE-89
critical
9.8
2023-06-01 CVE-2014-125104 Unrestricted Upload of File with Dangerous Type vulnerability in Automattic Vaultpress
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress.
network
low complexity
automattic CWE-434
critical
9.8
2023-04-12 CVE-2023-28121 Improper Authentication vulnerability in Automattic Woocommerce Payments and Woopayments
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator.
network
low complexity
automattic CWE-287
critical
9.8