automattic

Top products

The 15 most recently published vulnerabilities affecting automattic.

• CVE-2026-42334Mongoose: Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injection7.5May 14, 2026
• CVE-2026-4338ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure7.5Apr 8, 2026
• CVE-2026-3589WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF7.5Mar 6, 2026
• CVE-2026-22356WordPress Jetpack CRM plugin <= 6.7.0 - Local File Inclusion vulnerability7.5Feb 20, 2026
• CVE-2026-25404WordPress WP Job Manager plugin <= 2.4.0 - Broken Access Control vulnerability5.3Feb 19, 2026
• CVE-2023-54332Jetpack 11.4 - Cross Site Scripting (XSS)6.1Jan 13, 2026
• CVE-2023-52212WordPress WP Job Manager plugin <= 2.0.0 - Cross Site Request Forgery (CSRF) vulnerability5.4Jan 5, 2026
• CVE-2025-69015WordPress Crowdsignal Forms plugin <= 1.7.2 - Broken Access Control vulnerability3.8Dec 30, 2025
• CVE-2025-15033WooCommerce - Subscriber/Customer+ Order Data Disclosure6.5Dec 22, 2025
• CVE-2023-7320WooCommerce <= 7.8.2 - Sensitive Information Exposure5.3Oct 29, 2025
• CVE-2025-49042WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability5.9Oct 29, 2025
• CVE-2025-57924WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability4.3Sep 22, 2025
• CVE-2025-49325WordPress Newspack Newsletters plugin <= 3.13.0 - Open Redirection Vulnerability4.7Jun 6, 2025
• CVE-2025-5062WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting6.1May 22, 2025
• CVE-2024-8009Sensei LMS < 4.20.0 - Teacher+ Users Email Address Disclosure4.3May 15, 2025