NotCVE - vendor:"Automattic"

Page 2 of 58 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-51502 – WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

https://notcve.org/view.php?id=CVE-2023-51502

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.1. The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.6.1 via the update_payment_intent_ajax due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to make updates to payments that don't belong to their orders. • https://patchstack.com/database/vulnerability/woocommerce-gateway-stripe/wordpress-woocommerce-stripe-gateway-plugin-7-6-1-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-51503 – WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

https://notcve.org/view.php?id=CVE-2023-51503

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. Este problema afecta a WooPayments – Fully Integrated Solution Built and Supported by Woo: desde n/a hasta 6.9.2. The WooPayments – Fully Integrated Solution Built and Supported by Woo plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.6.2 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to access unintended objects. • https://patchstack.com/database/vulnerability/woocommerce-payments/wordpress-woopayments-plugin-6-6-2-unauthenticated-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-51488 – WordPress Crowdsignal Dashboard – Polls, Surveys & more Plugin <= 3.0.11 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-51488

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more allows Reflected XSS.This issue affects Crowdsignal Dashboard – Polls, Surveys & more: from n/a through 3.0.11. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more permite XSS Reflejado. Este problema afecta a Crowdsignal Dashboard – Polls, Surveys & more: de n/a hasta 3.0.11. • https://patchstack.com/database/vulnerability/polldaddy/wordpress-crowdsignal-polls-ratings-plugin-3-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-50879 – WordPress WordPress.com Editing Toolkit Plugin <= 3.78784 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-50879

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS.This issue affects WordPress.Com Editing Toolkit: from n/a through 3.78784. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site Scripting') en Automattic WordPress.Com Editing Toolkit permite XSS almacenado. Este problema afecta al WordPress.Com Editing Toolkit: desde n/a hasta 3.78784. The WordPress.com Editing Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.78784 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/full-site-editing/wordpress-wordpress-com-editing-toolkit-plugin-3-78784-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-50875 – WordPress Sensei LMS Plugin <= 4.17.0 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-50875

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS – Online Courses, Quizzes, & Learning allows Stored XSS.This issue affects Sensei LMS – Online Courses, Quizzes, & Learning: from n/a through 4.17.0. La neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Automattic Sensei LMS – Online Courses, Quizzes, & Learning permite almacenar XSS. Este problema afecta a Sensei LMS – Online Courses, Quizzes, & Learning: desde n/ a hasta 4.17.0. The Sensei LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.17.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/sensei-lms/wordpress-sensei-lms-plugin-4-17-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2 3 4 5