Lucene search
+L

342 matches found

CVE
CVE
added 2024/11/01 2:18 p.m.46 views

CVE-2024-37475

CVE-2024-37475 is a Missing Authorization vulnerability in the WordPress plugin Newspack Newsletters (versions

5.3CVSS5.3AI score0.00409EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/01 2:18 p.m.18 views

CVE-2024-37477 WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5...

6.5CVSS0.00394EPSS
Exploits0References1
CVE
CVE
added 2024/11/01 2:18 p.m.45 views

CVE-2024-37477

CVE-2024-37477: WordPress plugin Newspack Content Converter (versions up to and including 0.1.5) contains a Missing Authorization (broken access control) vulnerability due to incorrectly configured access controls. The issue allows exploitation without sufficient privileges and is documented acro...

6.5CVSS6.5AI score0.00394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/01 2:17 p.m.18 views

CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability

Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...

4.3CVSS6.9AI score0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/01 2:17 p.m.27 views

CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability

Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...

4.3CVSS0.00421EPSS
Exploits0References1
OSV
OSV
added 2024/11/01 2:17 p.m.3 views

CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability

Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...

4.3CVSS5.9AI score0.00421EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.4 views

PT-2024-27542 · Automattic · Newspack Blocks

Name of the Vulnerable Software and Affected Versions: Newspack Blocks versions through 3.0.8 Description: The issue is related to a Missing Authorization vulnerability in Automattic Newspack Blocks, which allows exploiting incorrectly configured access control security levels. Recommendations: F...

5.4CVSS7.2AI score0.00371EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.9 views

PT-2024-27557 · Automattic · Wp Job Manager - Resume Manager

Name of the Vulnerable Software and Affected Versions: WP Job Manager - Resume Manager versions through 2.1.0 Description: The issue is related to a Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager, which allows exploiting incorrectly configured access control...

4.3CVSS7.2AI score0.00328EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

MangoOS 安全漏洞

MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via ...

5.4CVSS5.8AI score0.00227EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/07 4:41 p.m.7 views

WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability

Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...

6.6CVSS7AI score0.00435EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/08/29 6:15 p.m.18 views

CVE-2024-43949

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...

6.5CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/29 6:0 p.m.21 views

CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...

6.5CVSS6.8AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 2024/08/29 6:0 p.m.56 views

CVE-2024-43949

CVE-2024-43949 is a Stored XSS vulnerability in the GHActivity WordPress plugin (Automattic GHActivity) that arises from improper neutralization of input during web page generation. Affected versions are reported as GHActivity from n/a through 2.0.0-alpha. The issue enables stored cross-site scri...

6.5CVSS6.2AI score0.00246EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2024/08/29 6:0 p.m.13 views

CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/29 12:0 a.m.10 views

PT-2024-30810 · Automattic · Ghactivity

Name of the Vulnerable Software and Affected Versions: Automattic GHActivity versions n/a through 2.0.0-alpha Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...

6.5CVSS6AI score0.00246EPSS
Exploits0References7
NVD
NVD
added 2024/08/18 10:15 p.m.30 views

CVE-2024-35686

Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro WC Paid Courses.This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

5.3CVSS0.00525EPSS
Exploits0References2
NVD
NVD
added 2024/08/18 2:15 p.m.27 views

CVE-2024-39666

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2...

5.9CVSS0.00373EPSS
Exploits0References1
CVE
CVE
added 2024/08/18 1:37 p.m.90 views

CVE-2024-39666

CVE-2024-39666 is an XSS vulnerability in Automattic WooCommerce (Improp­er Neutralization of Input During Web Page Generation). Public description states this affects WooCommerce: from n/a through 9.1.2. The Red Hat and EU vulnerability entries repeat the same description, confirming the issue i...

5.9CVSS5.8AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/18 12:0 a.m.11 views

PT-2024-26634 · Automattic · Automattic Sensei Pro +1

Name of the Vulnerable Software and Affected Versions: Automattic Sensei LMS versions 4.23.1 and earlier Automattic Sensei Pro WC Paid Courses versions 4.23.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Automattic Sensei LMS and Automattic Sensei Pro ...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References9
NVD
NVD
added 2024/07/10 6:15 p.m.24 views

CVE-2024-37115

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...

7.5CVSS0.00551EPSS
Exploits0References1
Rows per page
Query Builder