Vulnerabilities > Automattic > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-31 CVE-2023-51503 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.
network
low complexity
automattic CWE-639
7.5
2023-12-21 CVE-2023-32747 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Bookings 1.15.78
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78.
network
low complexity
automattic CWE-639
7.5
2023-12-20 CVE-2023-35914 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Subscriptions
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.
network
low complexity
automattic CWE-639
7.5
2023-12-20 CVE-2023-35916 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0.
network
low complexity
automattic CWE-639
7.5
2023-12-20 CVE-2023-35876 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Square
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1.
network
low complexity
automattic CWE-639
8.1
2023-12-20 CVE-2023-37871 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Gocardless
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6.
network
low complexity
automattic CWE-639
7.5
2023-12-18 CVE-2023-47787 Cross-Site Request Forgery (CSRF) vulnerability in Automattic Woocommerce Bookings 1.15.78
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3.
network
low complexity
automattic CWE-352
8.8
2023-12-18 CVE-2023-47789 Cross-Site Request Forgery (CSRF) vulnerability in Automattic Canada Post Shipping Method
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3.
network
low complexity
automattic CWE-352
8.8
2023-10-20 CVE-2022-3342 Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM
The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1.
network
low complexity
automattic CWE-502
8.8
2023-06-27 CVE-2023-2996 Unspecified vulnerability in Automattic Jetpack
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
network
low complexity
automattic
8.8