Vulnerabilities > Automattic > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-21 CVE-2021-24374 Authorization Bypass Through User-Controlled Key vulnerability in Automattic Jetpack
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images.
network
low complexity
automattic CWE-639
5.3
2021-06-01 CVE-2021-24312 OS Command Injection vulnerability in Automattic WP Super Cache
The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'.
network
low complexity
automattic CWE-78
6.5
2021-06-01 CVE-2021-24329 Cross-site Scripting vulnerability in Automattic WP Super Cache
The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue.
network
low complexity
automattic CWE-79
5.4
2020-07-20 CVE-2020-8215 Classic Buffer Overflow vulnerability in Automattic Canvas
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.
6.8
2020-02-07 CVE-2013-2009 Remote PHP Code Execution vulnerability in Automattic WP Super Cache 1.2
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
network
automattic
6.8
2020-02-07 CVE-2013-2008 Cross-site Scripting vulnerability in Automattic WP Super Cache 1.3
WordPress Super Cache Plugin 1.3 has XSS.
network
automattic CWE-79
4.3
2019-12-26 CVE-2013-2011 Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code.
6.8
2019-08-28 CVE-2015-9359 Cross-site Scripting vulnerability in Automattic Jetpack
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
network
automattic CWE-79
4.3
2019-08-28 CVE-2015-9357 Cross-site Scripting vulnerability in Automattic Akismet
The akismet plugin before 3.1.5 for WordPress has XSS.
network
automattic CWE-79
4.3
2019-07-18 CVE-2016-10762 Command Injection vulnerability in Automattic Camptix Event Ticketing
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
network
high complexity
automattic CWE-77
5.1