Vulnerabilities > Automattic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-7786 | Unspecified vulnerability in Automattic Sensei LMS The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. | 5.3 |
| 2024-08-29 | CVE-2024-43949 | Cross-site Scripting vulnerability in Automattic Ghacitivity and Ghactivity Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha. | 5.4 |
| 2024-07-04 | CVE-2024-37474 | Cross-site Scripting vulnerability in Automattic Newspack ADS Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS.This issue affects Newspack Ads: from n/a through 1.47.1. | 5.4 |
| 2024-07-04 | CVE-2024-37476 | Cross-site Scripting vulnerability in Automattic Newspack Popups 1.47.2 Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS.This issue affects Newspack Campaigns: from n/a through 2.31.1. | 5.4 |
| 2024-02-12 | CVE-2023-50875 | Cross-site Scripting vulnerability in Automattic Sensei LMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | 5.4 |
| 2024-02-10 | CVE-2023-51488 | Cross-site Scripting vulnerability in Automattic Crowdsignal Dashboard Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. | 6.1 |
| 2023-12-29 | CVE-2023-50879 | Cross-site Scripting vulnerability in Automattic Wordpress.Com Editing Toolkit Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | 5.4 |
| 2023-12-14 | CVE-2023-49828 | Cross-site Scripting vulnerability in Automattic Woopayments Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2. | 5.4 |
| 2023-11-30 | CVE-2023-45050 | Cross-site Scripting vulnerability in Automattic Jetpack Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | 5.4 |
| 2023-11-30 | CVE-2023-47777 | Cross-site Scripting vulnerability in Automattic Woocommerce and Woocommerce Blocks Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | 5.4 |