Automattic — Vulnerabilities & Security Advisories 59

Browse all 59 CVE security advisories affecting Automattic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-39660 | WordPress WP Job Manager plugin <= 2.4.1 - Broken Access Control vulnerability | WP Job Manager | CWE-862 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-3589 | WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF | WooCommerce | | 8.8 | - | 2026-03-06 |
| CVE-2026-22356 | WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability | Jetpack CRM | CWE-98 | 8.8 (AI) | High (AI) | 2026-02-20 |
| CVE-2026-25404 | WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability | WP Job Manager | CWE-862 | 7.1 (AI) | High (AI) | 2026-02-19 |
| CVE-2023-54332 | Jetpack 11.4 - Cross Site Scripting (XSS) | Jetpack | CWE-79 | 6.1 | Medium | 2026-01-13 |
| CVE-2023-52212 | WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability | WP Job Manager | CWE-352 | 5.4 | Medium | 2026-01-05 |
| CVE-2025-69015 | WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability | Crowdsignal Forms | CWE-862 | 3.8 | Low | 2025-12-30 |
| CVE-2025-15033 | WooCommerce - Subscriber/Customer+ Order Data Disclosure | WooCommerce | | 4.3 (AI) | Medium (AI) | 2025-12-22 |
| CVE-2023-7320 | WooCommerce <= 7.8.2 - Sensitive Information Exposure | WooCommerce | CWE-200 | 5.3 | Medium | 2025-10-29 |
| CVE-2025-49042 | WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability | WooCommerce | CWE-79 | 5.9 | Medium | 2025-10-29 |
| CVE-2025-57924 | WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability | Developer | CWE-352 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-49325 | WordPress Newspack Newsletters plugin <= 3.13.0 - Open Redirection Vulnerability | Newspack Newsletters | CWE-601 | 4.7 | Medium | 2025-06-06 |
| CVE-2025-5062 | WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting | WooCommerce | CWE-79 | 6.1 | Medium | 2025-05-22 |
| CVE-2024-56006 | WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability | Jetpack Debug Tools | CWE-862 | 5.3 | Medium | 2025-05-15 |
| CVE-2025-22740 | WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability | Sensei LMS | CWE-862 | 5.3 | Medium | 2025-03-27 |
| CVE-2025-26762 | WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability | WooCommerce | CWE-79 | 5.9 | Medium | 2025-03-27 |
| CVE-2024-37241 | WordPress WP Job Manager Resume Manager plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability | WP Job Manager - Resume Manager | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-37242 | WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability | Newspack Newsletters | CWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2024-43338 | WordPress Crowdsignal Polls & Ratings plugin <= 3.1.3 - Cross Site Request Forgery (CSRF) vulnerability | Crowdsignal Dashboard – Polls, Surveys & more | CWE-352 | 4.3 | Medium | 2024-11-19 |
| CVE-2024-37423 | WordPress Newspack Blocks plugin <= 3.0.8 - Contributor+ Arbitrary Directory Deletion vulnerability | Newspack Blocks | CWE-22 | 8.5 | High | 2024-11-01 |
| CVE-2024-37425 | WordPress Newspack Blocks plugin <= 3.0.8 - Broken Access Control vulnerability | Newspack Blocks | CWE-862 | 5.4 | Medium | 2024-11-01 |
| CVE-2024-37443 | WordPress WP Job Manager plugin <= 2.1.0 - Broken Access Control vulnerability | WP Job Manager - Resume Manager | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-37477 | WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability | Newspack Content Converter | CWE-862 | 6.5 | Medium | 2024-11-01 |
| CVE-2024-37475 | WordPress Newspack Newsletters plugin <= 2.13.2 - Broken Access Control vulnerability | Newspack Newsletters | CWE-862 | 5.3 | Medium | 2024-11-01 |
| CVE-2024-43968 | WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability | Newspack | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-9944 | WooCommerce <= 9.0.2 - Unauthenticated HTML Injection | WooCommerce | CWE-79 | 5.3 | Medium | 2024-10-15 |
| CVE-2024-43949 | WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability | GHActivity | CWE-79 | 6.5 | Medium | 2024-08-29 |
| CVE-2024-35686 | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability | Sensei LMS | CWE-862 | 5.3 | Medium | 2024-08-18 |
| CVE-2024-39666 | WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability | WooCommerce | CWE-79 | 5.9 | Medium | 2024-08-18 |
| CVE-2024-37115 | WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability | Newspack Blocks | CWE-200 | 7.5 | High | 2024-07-10 |

This page lists every published CVE security advisory associated with Automattic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.