Filter

Automattic Sensei LmsSensei LMS < 4.24.2 - Unauthenticated Email Template Leak

7.5
EPSS
0.22%
First published (updated )

Automattic Ghacitivity WordpressWordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability

First published (updated )

Automattic Newspack Ads WordpressWordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability

First published (updated )

Automattic Newspack Popups WordpressWordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability

First published (updated )

Automattic Sensei LmsWordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS)

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Automattic Crowdsignal DashboardWordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS)

7.1
First published (updated )

Automattic Woocommerce StripeWordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

First published (updated )

Automattic WoopaymentsWordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

7.5
First published (updated )

CVE-2023-50879WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS)

First published (updated )

Automattic Woocommerce BookingsWordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

7.5
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Automattic Woocommerce SubscriptionsWordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)

7.5
First published (updated )

Automattic WoopaymentsWordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection

First published (updated )

Automattic WoopaymentsWordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)

7.5
First published (updated )

Automattic Woocommerce SquareWordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR)

8.1
First published (updated )

Automattic Woocommerce GocardlessWordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR)

8.2
First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Automattic Canada Post Shipping MethodWordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF)

8.8
First published (updated )

Automattic Woocommerce BookingsWordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

8.8
First published (updated )

Automattic WoopaymentsWordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS)

First published (updated )

Automattic JetpackWordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS)

First published (updated )

Automattic WoocommerceWordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Automattic Jetpack CrmThe Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ p…

8.8
First published (updated )

Automattic ActivitypubActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

First published (updated )

Automattic ActivitypubActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS

First published (updated )

Automattic ActivitypubActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS

First published (updated )

Automattic ActivitypubActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Automattic JetpackJetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API

8.8
First published (updated )

CVE-2023-27429WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS)

First published (updated )

Automattic VaultpressVaultPress Plugin MailPoet Plugin class.vaultpress-hotfixes.php protect_aioseo_ajax unrestricted upload

First published (updated )

Automattic Woocommerce PaymentsAn issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthent…

First published (updated )

Automattic Jetpack CrmJetpack CRM < 5.5 - Contributor+ Stored XSS

First published (updated )

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203