High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-31	CVE-2023-51503	Unspecified vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. network low complexity automattic	7.5
2023-12-21	CVE-2023-32747	Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. network low complexity automattic	7.5
2023-12-20	CVE-2023-35914	Unspecified vulnerability in Automattic Woocommerce Subscriptions Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. network low complexity automattic	7.5
2023-12-20	CVE-2023-35916	Unspecified vulnerability in Automattic Woopayments Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. network low complexity automattic	7.5
2023-12-20	CVE-2023-35876	Unspecified vulnerability in Automattic Woocommerce Square Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. network low complexity automattic	8.1
2023-12-20	CVE-2023-37871	Unspecified vulnerability in Automattic Woocommerce Gocardless Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. network low complexity automattic	7.5
2023-12-18	CVE-2023-47787	Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3. network low complexity automattic	8.8
2023-12-18	CVE-2023-47789	Unspecified vulnerability in Automattic Canada Post Shipping Method Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3. network low complexity automattic	8.8
2023-10-20	CVE-2022-3342	Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. network low complexity automattic CWE-502	8.8
2023-06-27	CVE-2023-2996	Unspecified vulnerability in Automattic Jetpack The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. network low complexity automattic	8.8