Vulnerabilities in Automattic
59 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2022-2564 | HIGH | Prototype Pollution in automattic/mongoose | 32.7% |
| CVE-2021-24312 | — | WP Super Cache < 1.7.3 - Authenticated Remote Code Execution | 1.7% |
| CVE-2021-24374 | — | Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak | 1.5% |
| CVE-2023-3696 | CRITICAL | Prototype Pollution in automattic/mongoose | 1.0% |
| CVE-2022-3342 | HIGH | Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization | 1.0% |
| CVE-2023-1912 | HIGH | Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting | 0.8% |
| CVE-2021-24323 | — | Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS) | 0.7% |
| CVE-2023-47777 | MEDIUM | WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability | 0.7% |
| CVE-2024-9944 | MEDIUM | WooCommerce <= 9.0.2 - Unauthenticated HTML Injection | 0.6% |
| CVE-2024-34549 | MEDIUM | WordPress WP Job Manager plugin <= 2.2.2 - Sensitive Data Exposure vulnerability | 0.6% |
| CVE-2023-35916 | HIGH | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR) | 0.6% |
| CVE-2024-37115 | HIGH | WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability | 0.6% |
| CVE-2023-35915 | HIGH | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection | 0.5% |
| CVE-2024-35686 | MEDIUM | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability | 0.5% |
| CVE-2023-45050 | MEDIUM | WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS) | 0.5% |
| CVE-2024-37424 | CRITICAL | WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability | 0.5% |
| CVE-2023-51503 | MEDIUM | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) | 0.5% |
| CVE-2024-37423 | HIGH | WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability | 0.4% |
| CVE-2024-32111 | MEDIUM | WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability | 0.4% |
| CVE-2026-22356 | HIGH | WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability | 0.4% |