Vulnerabilities > Automattic > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-27 | CVE-2023-2996 | Unspecified vulnerability in Automattic Jetpack The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. | 8.8 |
| 2022-11-17 | CVE-2022-45069 | Unspecified vulnerability in Automattic Crowdsignal Dashboard Auth. | 8.8 |
| 2022-06-23 | CVE-2017-20086 | Code Injection vulnerability in Automattic Vaultpress 1.8.4 A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. | 7.5 |
| 2021-07-26 | CVE-2021-32789 | SQL Injection vulnerability in Automattic Woocommerce Blocks woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. | 7.5 |
| 2021-06-01 | CVE-2021-24312 | OS Command Injection vulnerability in Automattic WP Super Cache The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. | 7.2 |
| 2021-04-05 | CVE-2021-24209 | Code Injection vulnerability in Automattic WP Super Cache The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. | 7.2 |
| 2020-07-20 | CVE-2020-8215 | Classic Buffer Overflow vulnerability in Automattic Canvas A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | 8.8 |
| 2020-02-07 | CVE-2013-2009 | Unspecified vulnerability in Automattic WP Super Cache 1.2 WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | 8.8 |
| 2019-12-26 | CVE-2013-2011 | Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. | 8.8 |
| 2019-07-18 | CVE-2016-10762 | Command Injection vulnerability in Automattic Camptix Event Ticketing The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | 7.5 |