Known Vulnerabilities for products from Automattic
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Automattic".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-49325 | Not Provided | | 2025-06-06 | 2026-04-01 |
| CVE-2025-49042 | Not Provided | | 2025-10-29 | 2026-04-01 |
| CVE-2025-26762 | Not Provided | | 2025-03-27 | 2026-04-01 |
| CVE-2025-22740 | Not Provided | | 2025-03-27 | 2026-04-01 |
| CVE-2024-43338 | Not Provided | | 2024-11-19 | 2026-04-01 |
| CVE-2024-37242 | Not Provided | | 2025-01-02 | 2026-04-01 |
| CVE-2021-32789 | woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability imp... | 7.5 - HIGH | 2021-07-26 | 2021-08-05 |
| CVE-2021-24374 | The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery... | 5.3 - MEDIUM | 2021-06-21 | 2023-02-04 |
| CVE-2021-24329 | The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, w... | 5.4 - MEDIUM | 2021-06-01 | 2023-11-07 |
| CVE-2021-24312 | The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages ... | 7.2 - HIGH | 2021-06-01 | 2022-07-29 |
| CVE-2021-24209 | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to in... | 7.2 - HIGH | 2021-04-05 | 2023-11-07 |
| CVE-2020-8215 | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary co... | 8.8 - HIGH | 2020-07-20 | 2020-07-23 |
| CVE-2017-18356 | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target sit... | 8.8 - HIGH | 2019-01-15 | 2019-02-07 |
| CVE-2017-17058 | ** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plu... | 7.5 - HIGH | 2017-11-29 | 2023-11-07 |
| CVE-2016-10763 | The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body. | 4.8 - MEDIUM | 2019-07-18 | 2019-07-18 |
| CVE-2016-10762 | The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used. | 7.5 - HIGH | 2019-07-18 | 2019-07-18 |
| CVE-2016-10706 | The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | 6.1 - MEDIUM | 2018-01-12 | 2018-01-24 |
| CVE-2016-10705 | The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | 6.1 - MEDIUM | 2018-01-12 | 2018-01-24 |
| CVE-2015-9359 | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 6.1 - MEDIUM | 2019-08-28 | 2019-08-30 |
| CVE-2015-9357 | The akismet plugin before 3.1.5 for WordPress has XSS. | 6.1 - MEDIUM | 2019-08-28 | 2019-08-29 |
Known software with vulnerabilities from Automattic
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Automattic | Akismet | - |
| Application | Automattic | Camptix | 1.0 |
| Application | Automattic | Camptix Event Ticketing | 1.0 |
| Application | Automattic | Canvas | - |
| Application | Automattic | Genericons | 3.3 |
| Application | Automattic | Jetpack | 1.1 |
| Application | Automattic | W3 Super Cache | 1.4 |
| Application | Automattic | Wp Super Cache | - |