Vulnerabilities (CVE)

Filtered by vendor Automattic Subscribe
Total 55 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10762 1 Automattic 1 Camptix Event Ticketing 2024-11-21 5.1 MEDIUM 7.5 HIGH
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
CVE-2016-10706 1 Automattic 1 Jetpack 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
CVE-2016-10705 1 Automattic 1 Jetpack 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
CVE-2015-9359 1 Automattic 1 Jetpack 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg().
CVE-2015-9357 1 Automattic 1 Akismet 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The akismet plugin before 3.1.5 for WordPress has XSS.
CVE-2015-3429 3 Automattic, Debian, Wordpress 3 Genericons, Debian Linux, Wordpress 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.
CVE-2014-125104 1 Automattic 1 Vaultpress 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.
CVE-2014-0173 1 Automattic 1 Jetpack 2024-11-21 5.8 MEDIUM N/A
The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x before 2.1.4, 2.2.x before 2.2.7, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.2, 2.6.x before 2.6.3, 2.7.x before 2.7.2, 2.8.x before 2.8.2, and 2.9.x before 2.9.3 for WordPress does not properly restrict access to the XML-RPC service, which allows remote attackers to bypass intended restrictions and publish posts via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2013-2011 1 Automattic 1 W3 Super Cache 2024-11-21 6.8 MEDIUM 8.8 HIGH
WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009.
CVE-2013-2010 2 Automattic, Boldgrid 2 Wp Super Cache, W3 Total Cache 2024-11-21 7.5 HIGH 9.8 CRITICAL
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVE-2013-2009 1 Automattic 1 Wp Super Cache 2024-11-21 6.8 MEDIUM 8.8 HIGH
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
CVE-2013-2008 1 Automattic 1 Wp Super Cache 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
WordPress Super Cache Plugin 1.3 has XSS.
CVE-2011-4673 2 Automattic, Wordpress 2 Jetpack, Wordpress 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2024-7786 1 Automattic 1 Sensei Lms 2024-10-07 N/A 5.3 MEDIUM
The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates.
CVE-2024-43949 1 Automattic 2 Ghacitivity, Ghactivity 2024-09-03 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha.