Vulnerabilities > Automattic > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-11-17 | CVE-2022-45069 | Unspecified vulnerability in Automattic Crowdsignal Dashboard | Auth. | network, low complexity, automattic, 8.8 |
| 2022-06-23 | CVE-2017-20086 | Code Injection vulnerability in Automattic Vaultpress 1.8.4 | A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. | network, high complexity, automattic CWE-94, 7.5 |
| 2021-07-26 | CVE-2021-32789 | SQL Injection vulnerability in Automattic Woocommerce Blocks | woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. | network, low complexity, automattic CWE-89, 7.5 |
| 2021-06-01 | CVE-2021-24312 | OS Command Injection vulnerability in Automattic WP Super Cache | The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. | network, low complexity, automattic CWE-78, 7.2 |
| 2021-04-05 | CVE-2021-24209 | Code Injection vulnerability in Automattic WP Super Cache | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. | network, low complexity, automattic CWE-94, 7.2 |
| 2020-07-20 | CVE-2020-8215 | Classic Buffer Overflow vulnerability in Automattic Canvas | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | network, low complexity, automattic CWE-120, 8.8 |
| 2020-02-07 | CVE-2013-2009 | Unspecified vulnerability in Automattic WP Super Cache 1.2 | WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | network, low complexity, automattic, 8.8 |
| 2019-12-26 | CVE-2013-2011 | Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache | WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. | network, low complexity, automattic CWE-116, 8.8 |
| 2019-07-18 | CVE-2016-10762 | Command Injection vulnerability in Automattic Camptix Event Ticketing | The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | network, high complexity, automattic CWE-77, 7.5 |
| 2017-11-29 | CVE-2017-17058 | Path Traversal vulnerability in Automattic Woocommerce | The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. | network, low complexity, automattic CWE-22, 7.5 |