Vulnerabilities > Automattic > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|---|
| 2024-03-16 | CVE-2023-51489 | Unspecified vulnerability in Automattic Crowdsignal Dashboard | Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. | network | low complexity | automattic | 8.8 |
| 2023-12-31 | CVE-2023-51503 | Unspecified vulnerability in Automattic Woopayments | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | network | low complexity | automattic | 7.5 |
| 2023-12-21 | CVE-2023-32747 | Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78 | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78. | network | low complexity | automattic | 7.5 |
| 2023-12-20 | CVE-2023-35914 | Unspecified vulnerability in Automattic Woocommerce Subscriptions | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2. | network | low complexity | automattic | 7.5 |
| 2023-12-20 | CVE-2023-35916 | Unspecified vulnerability in Automattic Woopayments | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | network | low complexity | automattic | 7.5 |
| 2023-12-20 | CVE-2023-35876 | Unspecified vulnerability in Automattic Woocommerce Square | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1. | network | low complexity | automattic | 8.1 |
| 2023-12-20 | CVE-2023-37871 | Unspecified vulnerability in Automattic Woocommerce Gocardless | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a through 2.5.6. | network | low complexity | automattic | 7.5 |
| 2023-12-18 | CVE-2023-47787 | Unspecified vulnerability in Automattic Woocommerce Bookings 1.15.78 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 2.0.3. | network | low complexity | automattic | 8.8 |
| 2023-12-18 | CVE-2023-47789 | Unspecified vulnerability in Automattic Canada Post Shipping Method | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method. This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | network | low complexity | automattic | 8.8 |
| 2023-10-20 | CVE-2022-3342 | Deserialization of Untrusted Data vulnerability in Automattic Jetpack CRM | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. | network | low complexity | automattic, CWE-502 | 8.8 |