Automattic - HackerOne Reports
Total Reports: 131
Critical: 9
High: 28
Medium: 53
Low: 22
Authentication & Registration Bypass in Newspack Extended Access
Reported by: xurizaemon0 | Disclosed:
Medium
Weakness: Improper Authentication - Generic
Object Injection in Woocommerce / Handle PDT Responses from PayPal
Reported by: b258ea62bf297b02afa9854 | Disclosed:
Medium
Email Verification bypass on signup
Reported by: haqsek2 | Disclosed:
High
Weakness: Violation of Secure Design Principles
[intensedebate.com] XSS Reflected POST-Based
Reported by: fuzzme | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Denial-of-service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header
Reported by: hannanhaseeb | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
Reported by: saurabhb | Disclosed:
Low
Weakness: Improper Authentication - Generic
Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com
Reported by: saurabhb | Disclosed:
High
Weakness: Improper Authentication - Generic
Sql injection on docs.atavist.com
Reported by: lu3ky-13 | Disclosed:
High
Weakness: SQL Injection
Stored XSS in Intense Debate comment system
Reported by: sodium_ | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
SQL Injection Union Based
Reported by: fuzzme | Disclosed:
Critical
Timeline API returns private post when target of a push notification
Reported by: nightpool | Disclosed:
Low
Weakness: Improper Access Control - Generic
Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass
Reported by: ali | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
IDOR leads to Edit Anyone's Blogs / Websites
Reported by: ali | Disclosed:
High
Weakness: Insecure Direct Object Reference (IDOR)
[api.tumblr.com] Denial of Service by cookies manipulation
Reported by: fuzzme | Disclosed:
Medium
Weakness: Uncontrolled Resource Consumption
XSS and HTML Injection on the pressable.com search box
Reported by: sawrav-chowdhury | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS in wordpress.com
Reported by: ucuping | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Stored
XSS Vulnerability in WooCommerce Product Vendors plugin
Reported by: ramuelgall | Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
Improper markup sanitisation in Simplenote Android application.
Reported by: edoverflow | Disclosed:
Weakness: UI Redressing (Clickjacking)