Vulnerabilities > Automattic > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-31 | CVE-2023-51503 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | 7.5 |
2023-12-21 | CVE-2023-32747 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Bookings 1.15.78 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | 7.5 |
2023-12-20 | CVE-2023-35914 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Subscriptions Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | 7.5 |
2023-12-20 | CVE-2023-35916 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | 7.5 |
2023-12-20 | CVE-2023-35876 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Square Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | 8.1 |
2023-12-20 | CVE-2023-37871 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Gocardless Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | 7.5 |
2023-12-18 | CVE-2023-47787 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic Woocommerce Bookings 1.15.78 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3. | 8.8 |
2023-12-18 | CVE-2023-47789 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic Canada Post Shipping Method Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | 8.8 |
2023-10-20 | CVE-2022-3342 | Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. | 8.8 |
2023-06-27 | CVE-2023-2996 | Unspecified vulnerability in Automattic Jetpack The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. | 8.8 |