Filtered by vendor Automattic
Subscribe
Total
37 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-125104 | 1 Automattic | 1 Vaultpress | 2023-11-18 | N/A | 9.8 CRITICAL |
| A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The patch is named e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263. | |||||
| CVE-2023-5057 | 1 Automattic | 1 Activitypub | 2023-11-07 | N/A | 5.4 MEDIUM |
| The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks | |||||
| CVE-2023-3707 | 1 Automattic | 1 Activitypub | 2023-11-07 | N/A | 4.3 MEDIUM |
| The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue. | |||||
| CVE-2023-3746 | 1 Automattic | 1 Activitypub | 2023-11-07 | N/A | 5.4 MEDIUM |
| The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks | |||||
| CVE-2023-3706 | 1 Automattic | 1 Activitypub | 2023-11-07 | N/A | 4.3 MEDIUM |
| The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector | |||||
| CVE-2023-2996 | 1 Automattic | 1 Jetpack | 2023-11-07 | N/A | 8.8 HIGH |
| The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. | |||||
| CVE-2022-4497 | 1 Automattic | 1 Jetpack Crm | 2023-11-07 | N/A | 5.4 MEDIUM |
| The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins | |||||
| CVE-2022-3919 | 1 Automattic | 1 Jetpack Crm | 2023-11-07 | N/A | 4.8 MEDIUM |
| The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2022-3342 | 1 Automattic | 1 Jetpack Crm | 2023-11-07 | N/A | 8.8 HIGH |
| The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | |||||
| CVE-2022-2034 | 1 Automattic | 1 Sensei Lms | 2023-11-07 | N/A | 5.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers | |||||
| CVE-2021-24329 | 1 Automattic | 1 Wp Super Cache | 2023-11-07 | 3.5 LOW | 5.4 MEDIUM |
| The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. | |||||
| CVE-2021-24209 | 1 Automattic | 1 Wp Super Cache | 2023-11-07 | 9.0 HIGH | 7.2 HIGH |
| The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so this vulnerability can be exploited for a web shell injection. | |||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | |||||
| CVE-2023-28121 | 1 Automattic | 1 Woocommerce Payments | 2023-07-03 | N/A | 9.8 CRITICAL |
| An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. | |||||
| CVE-2023-27429 | 1 Automattic | 1 Jetpack Crm | 2023-06-27 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. | |||||
| CVE-2022-45069 | 1 Automattic | 1 Crowdsignal Dashboard | 2023-06-27 | N/A | 8.8 HIGH |
| Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | |||||
| CVE-2021-24374 | 1 Automattic | 1 Jetpack | 2023-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhg_vcs that allowed the comments of non-published page/posts to be leaked. | |||||
| CVE-2022-2080 | 1 Automattic | 1 Sensei Lms | 2022-09-01 | N/A | 4.3 MEDIUM |
| The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student | |||||
| CVE-2022-2386 | 1 Automattic | 1 Crowdsignal Dashboard | 2022-08-12 | N/A | 6.1 MEDIUM |
| The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-24312 | 1 Automattic | 1 Wp Super Cache | 2022-07-29 | 6.5 MEDIUM | 7.2 HIGH |
| The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209. | |||||