Automattic — Vulnerabilities & Security Advisories 59

Browse all 59 CVE security advisories affecting Automattic. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37424 | WordPress Newspack Blocks plugin <= 3.0.8 - Arbitrary File Upload vulnerability | Newspack Blocks | CWE-434 | 9.9 | Critical | 2024-07-09 |
| CVE-2024-35777 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability | WooCommerce | CWE-74 | 3.5 | Low | 2024-07-09 |
| CVE-2024-37474 | WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability | Newspack Ads | | 6.5 | Medium | 2024-07-04 |
| CVE-2024-37476 | WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability | Newspack Campaigns | | 6.5 | Medium | 2024-07-04 |
| CVE-2024-32111 | WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability | WordPress | CWE-22 | 5.0 | Medium | 2024-06-25 |
| CVE-2024-31111 | WordPress Core < 6.5.5 - Cross Site Scripting (XSS) vulnerability | WordPress | CWE-79 | 6.5 | Medium | 2024-06-25 |
| CVE-2023-47788 | WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability | Jetpack | CWE-862 | 4.3 | Medium | 2024-06-19 |
| CVE-2024-34766 | WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability | ChaosTheory | CWE-79 | 6.5 | Medium | 2024-06-03 |
| CVE-2024-4392 | Jetpack – WP Security, Backup, Speed, & Growth <= 13.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpvideo Shortcode | Jetpack – WP Security, Backup, Speed, & Growth | CWE-79 | 6.4 | Medium | 2024-05-14 |
| CVE-2024-34549 | WordPress WP Job Manager plugin <= 2.2.2 - Sensitive Data Exposure vulnerability | WP Job Manager | CWE-200 | 5.3 | Medium | 2024-05-09 |
| CVE-2023-47774 | WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability | Jetpack | CWE-1021 | 5.4 | Medium | 2024-04-24 |
| CVE-2023-52211 | WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability | WP Job Manager | CWE-862 | 5.3 | Medium | 2024-04-12 |
| CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability | WooCommerce | CWE-352 | 4.3 | Medium | 2024-04-07 |
| CVE-2023-50875 | WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS) | Sensei LMS – Online Courses, Quizzes, & Learning | CWE-79 | 6.5 | Medium | 2024-02-12 |
| CVE-2023-52222 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | CWE-352 | 4.3 | Medium | 2024-01-08 |
| CVE-2023-51503 | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) | WooPayments – Fully Integrated Solution Built and Supported by Woo | CWE-639 | 5.9 | Medium | 2023-12-31 |
| CVE-2023-50879 | WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS) | WordPress.com Editing Toolkit | CWE-79 | 6.5 | Medium | 2023-12-29 |
| CVE-2023-35915 | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to SQL Injection | WooPayments – Fully Integrated Solution Built and Supported by Woo | CWE-89 | 7.6 | High | 2023-12-20 |
| CVE-2023-35916 | WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR) | WooPayments – Fully Integrated Solution Built and Supported by Woo | CWE-639 | 7.5 | High | 2023-12-20 |
| CVE-2023-49828 | WordPress WooCommerce Payments Plugin <= 6.4.2 is vulnerable to Cross Site Scripting (XSS) | WooPayments – Fully Integrated Solution Built and Supported by Woo | CWE-79 | 6.5 | Medium | 2023-12-14 |
| CVE-2023-45050 | WordPress Jetpack Plugin <= 12.8-a.1 is vulnerable to Cross Site Scripting (XSS) | Jetpack – WP Security, Backup, Speed, & Growth | CWE-79 | 6.5 | Medium | 2023-11-30 |
| CVE-2023-47777 | WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability | WooCommerce | CWE-79 | 6.5 | Medium | 2023-11-30 |
| CVE-2022-3342 | Jetpack CRM <= 5.3.1 - Cross-Site Request Forgery and PHAR Deserialization | Jetpack CRM – Clients, Leads, Invoices, Billing, Email Marketing, & Automation | CWE-502 | 7.5 | High | 2023-10-20 |
| CVE-2023-3696 | Prototype Pollution in automattic/mongoose | automattic/mongoose | CWE-1321 | 9.8 | - | 2023-07-17 |
| CVE-2023-1912 | Limit Login Attempts <= 1.7.1 - Unauthenticated Stored Cross-Site Scripting | Limit Login Attempts | CWE-79 | 7.2 | High | 2023-04-06 |
| CVE-2022-2564 | Prototype Pollution in automattic/mongoose | automattic/mongoose | CWE-1321 | 9.8 | - | 2022-07-28 |
| CVE-2021-24374 | Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak | Jetpack – WP Security, Backup, Speed, & Growth | CWE-639 | 5.3 | - | 2021-06-21 |
| CVE-2021-24312 | WP Super Cache < 1.7.3 - Authenticated Remote Code Execution | WP Super Cache | CWE-94 | 7.2 | - | 2021-06-01 |
| CVE-2021-24323 | Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS) | WooCommerce | CWE-79 | 4.8 | - | 2021-05-17 |

This page lists every published CVE security advisory associated with Automattic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.