Known Vulnerabilities for products from Automattic
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Automattic".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39660 json | | Not Provided | 2026-04-08 | 2026-04-13 |
| CVE-2026-4338 json | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users t... | Not Provided | 2026-04-08 | 2026-04-14 |
| CVE-2025-49325 json | | Not Provided | 2025-06-06 | 2026-04-01 |
| CVE-2025-49042 json | | Not Provided | 2025-10-29 | 2026-04-01 |
| CVE-2025-26762 json | | Not Provided | 2025-03-27 | 2026-04-01 |
| CVE-2025-22740 json | | Not Provided | 2025-03-27 | 2026-04-01 |
| CVE-2024-43338 json | | Not Provided | 2024-11-19 | 2026-04-01 |
| CVE-2024-37242 json | | Not Provided | 2025-01-02 | 2026-04-01 |
| CVE-2024-4392 json | The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... | Not Provided | 2024-05-14 | 2026-04-08 |
| CVE-2023-51503 json | | 7.5 - HIGH | 2023-12-31 | 2024-01-05 |
| CVE-2023-50879 json | | 5.4 - MEDIUM | 2023-12-29 | 2024-01-05 |
| CVE-2023-47777 json | | 5.4 - MEDIUM | 2023-11-30 | 2023-12-05 |
| CVE-2023-45050 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-11-30 | 2023-12-06 |
| CVE-2023-28121 json | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send r... | 9.8 - CRITICAL | 2023-04-12 | 2023-12-18 |
| CVE-2023-27429 json | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 ... | 4.8 - MEDIUM | 2023-06-21 | 2023-06-27 |
| CVE-2023-5057 json | The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could a... | 5.4 - MEDIUM | 2023-10-16 | 2023-11-07 |
| CVE-2023-3746 json | The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow con... | 5.4 - MEDIUM | 2023-10-16 | 2023-11-07 |
| CVE-2023-3707 json | The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the... | 4.3 - MEDIUM | 2023-10-16 | 2023-11-07 |
| CVE-2023-3706 json | The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the p... | 4.3 - MEDIUM | 2023-10-16 | 2023-11-07 |
| CVE-2023-2996 json | The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to man... | 8.8 - HIGH | 2023-06-27 | 2023-11-07 |
Known software with vulnerabilities from Automattic
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Automattic | Akismet | - |
| Application | Automattic | Camptix | 1.0 |
| Application | Automattic | Camptix Event Ticketing | 1.0 |
| Application | Automattic | Canvas | - |
| Application | Automattic | Genericons | 3.3 |
| Application | Automattic | Jetpack | 1.1 |
| Application | Automattic | W3 Super Cache | 1.4 |
| Application | Automattic | Wp Super Cache | - |