Filtered by vendor Automattic
Subscribe
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2026-04-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2023-51503 | 1 Automattic | 1 Woopayments | 2026-04-28 | N/A | 5.9 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | |||||
| CVE-2023-51502 | 1 Automattic | 1 Woocommerce Stripe | 2026-04-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | |||||
| CVE-2023-51489 | 1 Automattic | 1 Crowdsignal Dashboard | 2026-04-28 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. | |||||
| CVE-2023-51488 | 1 Automattic | 1 Crowdsignal Dashboard | 2026-04-28 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. | |||||
| CVE-2023-50879 | 1 Automattic | 1 Wordpress.com Editing Toolkit | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. | |||||
| CVE-2023-50875 | 1 Automattic | 1 Sensei Lms | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. | |||||
| CVE-2023-49828 | 1 Automattic | 1 Woopayments | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo allows Stored XSS.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.4.2. | |||||
| CVE-2023-47789 | 1 Automattic | 1 Canada Post Shipping Method | 2026-04-28 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shipping Method: from n/a through 2.8.3. | |||||
| CVE-2023-47787 | 1 Automattic | 1 Woocommerce Bookings | 2026-04-28 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 2.0.3. | |||||
| CVE-2023-47777 | 1 Automattic | 2 Woocommerce, Woocommerce Blocks | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | |||||
| CVE-2023-47774 | 1 Automattic | 1 Jetpack | 2026-04-28 | N/A | 5.4 MEDIUM |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7. | |||||
| CVE-2023-45050 | 1 Automattic | 1 Jetpack | 2026-04-28 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Jetpack – WP Security, Backup, Speed, & Growth allows Stored XSS.This issue affects Jetpack – WP Security, Backup, Speed, & Growth: from n/a through 12.8-a.1. | |||||
| CVE-2023-37871 | 1 Automattic | 1 Woocommerce Gocardless | 2026-04-28 | N/A | 8.2 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a through 2.5.6. | |||||
| CVE-2023-35916 | 1 Automattic | 1 Woopayments | 2026-04-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-35915 | 1 Automattic | 1 Woopayments | 2026-04-28 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-35914 | 1 Automattic | 1 Woocommerce Subscriptions | 2026-04-28 | N/A | 7.5 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2. | |||||
| CVE-2023-35876 | 1 Automattic | 1 Woocommerce Square | 2026-04-28 | N/A | 8.1 HIGH |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.This issue affects WooCommerce Square: from n/a through 3.8.1. | |||||
| CVE-2023-32747 | 1 Automattic | 1 Woocommerce Bookings | 2026-04-28 | N/A | 5.4 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a through 1.15.78. | |||||
| CVE-2026-4338 | 1 Automattic | 1 Activitypub | 2026-04-14 | N/A | 7.5 HIGH |
| The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts | |||||