Known Vulnerabilities for products from Automattic
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Automattic".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-4338 json | The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users t... | Not Provided | 2026-04-08 | 2026-04-14 |
| CVE-2025-69015 json | Not Provided | 2025-12-30 | 2026-04-27 | |
| CVE-2025-57924 json | Not Provided | 2025-09-22 | 2026-04-28 | |
| CVE-2025-49325 json | Not Provided | 2025-06-06 | 2026-04-23 | |
| CVE-2025-49042 json | Not Provided | 2025-10-29 | 2026-04-23 | |
| CVE-2025-26762 json | Not Provided | 2025-03-27 | 2026-04-23 | |
| CVE-2025-22740 json | Not Provided | 2025-03-27 | 2026-04-23 | |
| CVE-2024-56006 json | Not Provided | 2025-05-15 | 2026-04-28 | |
| CVE-2024-43338 json | Not Provided | 2024-11-19 | 2026-04-23 | |
| CVE-2024-37242 json | Not Provided | 2025-01-02 | 2026-04-23 | |
| CVE-2024-37241 json | Not Provided | 2025-01-02 | 2026-04-28 | |
| CVE-2024-4392 json | The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Stored Cross-Site Scripting via th... | Not Provided | 2024-05-14 | 2026-04-08 |
| CVE-2023-51503 json | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built ... | Not Provided | 2023-12-31 | 2026-04-28 |
| CVE-2023-51502 json | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue a... | Not Provided | 2024-01-05 | 2026-04-28 |
| CVE-2023-51489 json | Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard – Polls, Surveys & more.This issu... | Not Provided | 2024-03-16 | 2026-04-28 |
| CVE-2023-51488 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic, Inc. Crowds... | Not Provided | 2024-02-10 | 2026-04-28 |
| CVE-2023-50879 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Co... | Not Provided | 2023-12-29 | 2026-04-28 |
| CVE-2023-50875 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic Sensei LMS �... | Not Provided | 2024-02-12 | 2026-04-28 |
| CVE-2023-49828 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooPayments ... | Not Provided | 2023-12-14 | 2026-04-28 |
| CVE-2023-47789 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.This issue affects Canada Post Shi... | Not Provided | 2023-12-18 | 2026-04-28 |
Known software with vulnerabilities from Automattic
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Automattic | Akismet | - |
| Application | Automattic | Camptix | 1.0 |
| Application | Automattic | Camptix Event Ticketing | 1.0 |
| Application | Automattic | Canvas | - |
| Application | Automattic | Genericons | 3.3 |
| Application | Automattic | Jetpack | 1.1 |
| Application | Automattic | W3 Super Cache | 1.4 |
| Application | Automattic | Wp Super Cache | - |