Vulnerabilities > Automattic > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7786 Unspecified vulnerability in Automattic Sensei LMS
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak email templates.
network
low complexity
automattic
5.3
2024-08-29 CVE-2024-43949 Cross-site Scripting vulnerability in Automattic Ghacitivity and Ghactivity
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS. This issue affects GHActivity: from n/a through 2.0.0-alpha.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37474 Cross-site Scripting vulnerability in Automattic Newspack ADS
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue affects Newspack Ads: from n/a through 1.47.1.
network
low complexity
automattic CWE-79
5.4
2024-07-04 CVE-2024-37476 Cross-site Scripting vulnerability in Automattic Newspack Popups 1.47.2
Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1.
network
low complexity
automattic CWE-79
5.4
2024-02-12 CVE-2023-50875 Cross-site Scripting vulnerability in Automattic Sensei LMS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS. This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0.
network
low complexity
automattic CWE-79
5.4
2024-02-10 CVE-2023-51488 Cross-site Scripting vulnerability in Automattic Crowdsignal Dashboard
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc.
network
low complexity
automattic CWE-79
6.1
2023-12-29 CVE-2023-50879 Cross-site Scripting vulnerability in Automattic Wordpress.Com Editing Toolkit
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784.
network
low complexity
automattic CWE-79
5.4
2023-12-14 CVE-2023-49828 Cross-site Scripting vulnerability in Automattic Woopayments
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2.
network
low complexity
automattic CWE-79
5.4
2023-11-30 CVE-2023-45050 Cross-site Scripting vulnerability in Automattic Jetpack
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS. This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1.
network
low complexity
automattic CWE-79
5.4
2023-11-30 CVE-2023-47777 Cross-site Scripting vulnerability in Automattic Woocommerce and Woocommerce Blocks
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.
network
low complexity
automattic CWE-79
5.4