342 matches found
CVE-2023-51503
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...
CVE-2023-51488
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11...
CVE-2019-17426
Automattic Mongoose through 5.7.4 allows attackers to bypass access control in some applications because any query object with a bsontype attribute is ignored. For example, adding "bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around...
CVE-2024-56006
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-51666
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...
CVE-2024-56006
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-51666
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...
CVE-2024-51666 WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...
CVE-2024-51666 WordPress Tours plugin <= 1.0.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Tosin Oguntuyi Tours tours.This issue affects Tours: from n/a through = 1.0.0...
CVE-2024-51666
CVE-2024-51666 applies to the WordPress Tours plugin (Tours) versions n/a through 1.0.0, describing a Missing Authorization / Broken Access Control vulnerability. The CVE entry records a base CVSS v3.1 vector of AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N with a 4.3 (Medium) impact. Connected sources ind...
CVE-2024-56006 WordPress Jetpack Debug Tools plugin < 2.0.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Jetpack Debug Tools.This issue affects Jetpack Debug Tools: from n/a before 2.0.1...
CVE-2024-56006
CVE-2024-56006 is a Missing Authorization (Broken Access Control) vulnerability in Automattic Jetpack Debug Tools for WordPress. Affected versions are prior to 2.0.1; the issue enables unauthenticated access to the Jetpack Debug Tools functionality. The CVSS base score is 5.3 (Network attack, no ...
PT-2025-21352 · Automattic · Automattic Tours
Name of the Vulnerable Software and Affected Versions: Automattic Tours versions n/a through 1.0.0 Description: The issue is related to a Missing Authorization vulnerability. This means that there is a lack of proper authorization checks, potentially allowing unauthorized access to certain featur...
PT-2025-21353 · Automattic · Jetpack Debug Tools
Name of the Vulnerable Software and Affected Versions: Automattic Jetpack Debug Tools version prior to 2.0.1 Description: A Missing Authorization issue affects the Jetpack Debug Tools, allowing potential unauthorized access. Recommendations: For versions prior to 2.0.1, update to version 2.0.1 or...
CVE-2025-22740
Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through = 4.24.4...
CVE-2025-22740
Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through = 4.24.4...
CVE-2025-22740
CVE-2025-22740 (Sensei LMS) is a Missing Authorization vulnerability affecting Sensei LMS versions up to 4.24.4. Public details indicate an authorization gap that could allow access to restricted actions/resources. The vulnerability is listed as patched by Wordfence (patched status) and the CVSS ...
CVE-2025-26762
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 9.7.0...
CVE-2025-26762 WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through = 9.7.0...
Linux Distros Unpatched Vulnerability : CVE-2024-31111
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic WordPress allows Stored XSS.This issue...