342 matches found
CVE-2024-37475
CVE-2024-37475 is a Missing Authorization vulnerability in the WordPress plugin Newspack Newsletters (versions
CVE-2024-37477 WordPress Newspack Content Converter plugin <= 0.1.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Newspack Content Converter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack Content Converter: from n/a through 0.1.5...
CVE-2024-37477
CVE-2024-37477: WordPress plugin Newspack Content Converter (versions up to and including 0.1.5) contains a Missing Authorization (broken access control) vulnerability due to incorrectly configured access controls. The issue allows exploitation without sufficient privileges and is documented acro...
CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...
CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...
CVE-2024-43968 WordPress Newspack plugin < 3.8.7 - Broken Access Control vulnerability
Broken Access Control vulnerability in Automattic Newspack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Newspack: from n/a through 3.8.6...
PT-2024-27542 · Automattic · Newspack Blocks
Name of the Vulnerable Software and Affected Versions: Newspack Blocks versions through 3.0.8 Description: The issue is related to a Missing Authorization vulnerability in Automattic Newspack Blocks, which allows exploiting incorrectly configured access control security levels. Recommendations: F...
PT-2024-27557 · Automattic · Wp Job Manager - Resume Manager
Name of the Vulnerable Software and Affected Versions: WP Job Manager - Resume Manager versions through 2.1.0 Description: The issue is related to a Missing Authorization vulnerability in Automattic WP Job Manager - Resume Manager, which allows exploiting incorrectly configured access control...
MangoOS 安全漏洞
MangoOS is an open source JavaScript object-oriented programming library from Automattic. A security vulnerability exists in MangoOS versions prior to 5.2.0, which stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via ...
WordPress Advanced Custom Fields plugin <= 6.3.6 - Administrator+ Limited Arbitrary Function Call vulnerability
Administrator+ Limited Arbitrary Function Call vulnerability discovered by Automattic Security Team in WordPress Plugin Advanced Custom Fields versions = 6.3.6...
CVE-2024-43949
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...
CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...
CVE-2024-43949
CVE-2024-43949 is a Stored XSS vulnerability in the GHActivity WordPress plugin (Automattic GHActivity) that arises from improper neutralization of input during web page generation. Affected versions are reported as GHActivity from n/a through 2.0.0-alpha. The issue enables stored cross-site scri...
CVE-2024-43949 WordPress GHActivity plugin <= 2.0.0-alpha - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic GHActivity allows Stored XSS.This issue affects GHActivity: from n/a through 2.0.0-alpha...
PT-2024-30810 · Automattic · Ghactivity
Name of the Vulnerable Software and Affected Versions: Automattic GHActivity versions n/a through 2.0.0-alpha Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...
CVE-2024-35686
Missing Authorization vulnerability in Automattic Sensei LMS, Automattic Sensei Pro WC Paid Courses.This issue affects Sensei LMS: from n/a through 4.23.1; Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...
CVE-2024-39666
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2...
CVE-2024-39666
CVE-2024-39666 is an XSS vulnerability in Automattic WooCommerce (Improper Neutralization of Input During Web Page Generation). Public description states this affects WooCommerce: from n/a through 9.1.2. The Red Hat and EU vulnerability entries repeat the same description, confirming the issue i...
PT-2024-26634 · Automattic · Automattic Sensei Pro +1
Name of the Vulnerable Software and Affected Versions: Automattic Sensei LMS versions 4.23.1 and earlier Automattic Sensei Pro WC Paid Courses versions 4.23.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in Automattic Sensei LMS and Automattic Sensei Pro ...
CVE-2024-37115
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Automattic Newspack Blocks.This issue affects Newspack Blocks: from n/a through 3.0.8...