Vulnerabilities > Automattic > High

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-45069 Unspecified vulnerability in Automattic Crowdsignal Dashboard
Auth.
network
low complexity
automattic
8.8
2021-04-05 CVE-2021-24209 Code Injection vulnerability in Automattic WP Super Cache
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option.
network
low complexity
automattic CWE-94
7.2
2020-02-12 CVE-2013-2010 Injection vulnerability in multiple products
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
network
low complexity
automattic boldgrid CWE-74
7.5
2017-11-29 CVE-2017-17058 Path Traversal vulnerability in Automattic Woocommerce
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.
network
low complexity
automattic CWE-22
7.5
2011-12-02 CVE-2011-4673 SQL Injection vulnerability in Automattic Jetpack
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
automattic wordpress CWE-89
7.5