Automattic - HackerOne Reports
View on HackerOne

Total Reports: 131
Critical: 9
High: 28
Medium: 53
Low: 22
Unauthenticated access to webmail at maildev.happytools.dev leading to compromised wordpress site api.happytools.dev [RCE]
Reported by: superman85 | Severity: High | Weakness: Information Disclosure

Invalidate session after password reset on https://polldaddy.com
Reported by: nullsaint | Weakness: Insufficient Session Expiration

Permanent DoS at https://happy.tools/ when inviting a user
Reported by: boy_child_ | Severity: Medium | Weakness: Uncontrolled Resource Consumption

De-anonymize anonymous tips through the Tumblr blog network
Reported by: ajoekerr | Severity: Medium | Weakness: Privacy Violation

[intensedebate.com] No Rate Limit On The report Functionality Lead To Delete Any Comment When it is enabled
Reported by: fuzzme | Severity: High | Weakness: Business Logic Errors

Disclosure of 152 cookie names via crafted input
Reported by: albinowax | Severity: Low | Weakness: Information Disclosure

xss filter bypass [polldaddy]
Reported by: paresh_parmar | Weakness: Cross-site Scripting (XSS) - Generic

Reflected XSS on an Atavist theme at external_import.php
Reported by: bugra | Severity: High | Weakness: Cross-site Scripting (XSS) - Reflected

Race condition on add 1 free domain
Reported by: root_geek280 | Severity: Medium | Weakness: Business Logic Errors

SSRF & Blind XSS in Gravatar email
Reported by: rockybandana | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

Reflected XSS due to vulnerable version of sockjs
Reported by: chip_sec | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Theme Assets uploader allows HTML content
Reported by: myominthu_sec | Severity: Low | Weakness: Unrestricted Upload of File with Dangerous Type

Akismet API keys are exposed by authentication method
Reported by: aaroncarson | Severity: Low | Weakness: Storing Passwords in a Recoverable Format

IDOR able to buy a plan with lesser fee
Reported by: ug0x01 | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

[intensedebate.com] SQL Injection Time Based On /js/commentAction/
Reported by: fuzzme | Severity: Critical | Weakness: SQL Injection

Information disclosure leads to disclosure of users' private notes
Reported by: hamzadzworm | Severity: Low | Weakness: Information Disclosure

Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php
Reported by: sudi | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Can buy Atavist Magazine subscription for free
Reported by: bugra | Severity: High | Weakness: Improper Access Control - Generic

Site-wide CSRF at Atavist
Reported by: bugra | Severity: High

Improper markup sanitisation in Simplenote Android application.
Reported by: edoverflow | Weakness: UI Redressing (Clickjacking)