Automattic

All CVEs

69 total · sorted by risk
  • CVE-2024-10075 · May 15, 2025
    risk 0.00 · cvss · epss 0.00

    The Jetpack WordPress plugin before 13.8 does not ensure that the post created by the Contact Form is only accessible to authorised users, which could allow unauthenticated users to run arbitrary shortcodes and block.

  • CVE-2025-0466 · Feb 4, 2025
    risk 0.00 · cvss · epss 0.00

    The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some of its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message information.

  • CVE-2024-43968 · Nov 1, 2024
    risk 0.00 · cvss · epss 0.00

    Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Newspack: from n/a through 3.8.6.

  • CVE-2024-9944 · Oct 15, 2024
    risk 0.00 · cvss · epss 0.01

    The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject…

  • CVE-2024-43949 · Aug 29, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS. This issue affects GHActivity: from n/a through 2.0.0-alpha.

  • CVE-2024-37474 · Jul 4, 2024
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting (XSS) vulnerability in Automattic Newspack Ads allows Stored XSS. This issue affects Newspack Ads: from n/a through 1.47.1.

  • CVE-2024-37476 · Jul 4, 2024
    risk 0.00 · cvss · epss 0.00

    Cross Site Scripting (XSS) vulnerability in Automattic Newspack Campaigns allows Stored XSS. This issue affects Newspack Campaigns: from n/a through 2.31.1.

  • CVE-2023-47788 · Jun 19, 2024
    risk 0.00 · cvss · epss 0.00

    Missing Authorization vulnerability in Automattic Jetpack. This issue affects Jetpack: from n/a before 12.7.

  • CVE-2023-27429 · Jun 21, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.

  • CVE-2022-4497 · Jan 9, 2023
    risk 0.00 · cvss · epss 0.01

    The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against…

  • CVE-2022-3919 · Dec 12, 2022
    risk 0.00 · cvss · epss 0.00

    The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

  • CVE-2022-29832 · Nov 24, 2022
    risk 0.00 · cvss · epss 0.01

    Cleartext Storage of Sensitive Information in Memory vulnerability in Mitsubishi Electric Corporation GX Works3 versions 1.015R and later, GX Works2 all versions and GX Developer versions 8.40S and later allows a remote unauthenticated attacker to disclose sensitive information.…

  • CVE-2022-45069 · Nov 17, 2022
    risk 0.00 · cvss · epss 0.01

    Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress.

  • CVE-2022-2386 · Aug 8, 2022
    risk 0.00 · cvss · epss 0.01

    The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

  • CVE-2021-34066 · Aug 30, 2021
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system command through uploading the malicious constructed YAML file.

  • CVE-2021-24323 · May 17, 2021
    risk 0.00 · cvss · epss 0.01

    When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

  • CVE-2020-8215 · Jul 20, 2020
    risk 0.00 · cvss · epss 0.02

    A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image.

  • CVE-2015-3429 · Jun 17, 2015
    risk 0.00 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.

  • CVE-2014-0173 · Apr 22, 2014
    risk 0.00 · cvss · epss 0.02

    The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly…

Page 2 of 2