← Back

Automattic

automattic

74 CVEs • 30 products

Products (30)

Click to collapse
Toggle
Jetpack
jetpack
16 CVEs
Wp Super Cache
wp_super_cache
6 CVEs
Sensei Lms
sensei_lms
6 CVEs
Woopayments
woopayments
5 CVEs
Activitypub
activitypub
5 CVEs
Crowdsignal Dashboard
crowdsignal_dashboard
4 CVEs
Jetpack Crm
jetpack_crm
4 CVEs
Woocommerce
woocommerce
3 CVEs
Mailpoet
mailpoet
3 CVEs
Camptix Event Ticketing
camptix_event_ticketing
2 CVEs
Woocommerce Blocks
woocommerce_blocks
2 CVEs
Vaultpress
vaultpress
2 CVEs
Woocommerce Bookings
woocommerce_bookings
2 CVEs
Jetpack Boost
jetpack_boost
2 CVEs
Genericons
genericons
1 CVE
Akismet
akismet
1 CVE
W3 Super Cache
w3_super_cache
1 CVE
Canvas
canvas
1 CVE
Woocommerce Payments
woocommerce_payments
1 CVE
Canada Post Shipping Method
canada_post_shipping_method
1 CVE
Woocommerce Gocardless
woocommerce_gocardless
1 CVE
Woocommerce Square
woocommerce_square
1 CVE
Woocommerce Subscriptions
woocommerce_subscriptions
1 CVE
Wordpress.com Editing Toolkit
wordpress.com_editing_toolkit
1 CVE
Woocommerce Stripe
woocommerce_stripe
1 CVE
Newspack Popups
newspack_popups
1 CVE
Newspack Ads
newspack_ads
1 CVE
Ghacitivity
ghacitivity
1 CVE
Ghactivity
ghactivity
1 CVE
Newspack
newspack
1 CVE

CVEs (74)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2013-2010
2Automattic
Boldgrid
2W3 Total Cache
Wp Super Cache
Nov 21, 2024
Feb 12, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVE-2013-2009
1Automattic
1Wp Super Cache
Nov 21, 2024
Feb 7, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
CVE-2013-2008
1Automattic
1Wp Super Cache
Nov 21, 2024
Feb 7, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
WordPress Super Cache Plugin 1.3 has XSS.
CVE-2013-2011
1Automattic
1W3 Super Cache
Nov 21, 2024
Dec 26, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
CVE-2015-9359
1Automattic
1Jetpack
Nov 21, 2024
Aug 28, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9357
1Automattic
1Akismet
Nov 21, 2024
Aug 28, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The akismet plugin before 3.1.5 for WordPress has XSS.
CVE-2016-10763
1Automattic
1Camptix Event Ticketing
Nov 21, 2024
Jul 18, 2019
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
CVE-2016-10762
1Automattic
1Camptix Event Ticketing
Nov 21, 2024
Jul 18, 2019
N/A· v4
7.5 HIGH· v3
5.1 MEDIUM· v2
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
CVE-2016-10706
1Automattic
1Jetpack
Nov 21, 2024
Jan 12, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
CVE-2016-10705
1Automattic
1Jetpack
Nov 21, 2024
Jan 12, 2018
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
CVE-2017-17058
1Automattic
1Woocommerce
May 13, 2026
Nov 29, 2017
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer i...Show more
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" codeShow less
CVE-2015-3429
2Automattic
Debian
2Debian Linux
Genericons
May 6, 2026
Jun 17, 2015
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.
CVE-2014-0173
1Automattic
1Jetpack
May 6, 2026
Apr 22, 2014
N/A· v4
N/A· v3
5.8 MEDIUM· v2
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8...Show more
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.Show less
CVE-2011-4673
1Automattic
1Jetpack
Apr 29, 2026
Dec 2, 2011
N/A· v4
N/A· v3
7.5 HIGH· v2
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.