Automattic - HackerOne Reports

Total Reports: 131
Critical: 9
High: 28
Medium: 53
Low: 22
Unauthenticated Private Messages Disclosure via WordPress REST API
Reported by: ghimire_veshraj | Disclosed: | Severity: Medium | Weakness: Information Disclosure

XSS in Email Input [intensedebate.com]
Reported by: ahmd_halabi | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic

Follow Button XSS
Reported by: bobrov | Disclosed: | Weakness: Cross-site Scripting (XSS) - Generic

Wordpress.com REST API OAuth bypass via Cross Site Flashing
Reported by: opnsec | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF)

cloudup Subdomain Takeover that resolves to Desk.com (CNAME cloudup.desk.com)
Reported by: khizer47 | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Unauthenticated RCE in VaultPress
Reported by: b258ea62bf297b02afa9854 | Disclosed: | Severity: Critical

Multiple File Manipulation bugs in WP Super Cache
Reported by: paulos__ | Disclosed:

Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://*your-subdomain*.survey.fm
Reported by: ali | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

[IDOR] Attacker user can Approve/Decline AFK on behalf of other users
Reported by: sachin_kr | Disclosed: | Weakness: Insecure Direct Object Reference (IDOR)

WooCommerce: Support Ticket indirect object reference
Reported by: paresh_parmar | Disclosed: | Weakness: Cross-Site Request Forgery (CSRF)

[public-api.wordpress.com] Stored XSS via Crafted Developer App Description
Reported by: ysx | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Arbitrary File Download as Shop Manager
Reported by: simonscannell | Disclosed: | Severity: High | Weakness: Path Traversal

No rate limit on app.crowdsignal.com (Finish quiz)
Reported by: yusuf_furkan | Disclosed: | Severity: Low | Weakness: Business Logic Errors

Reflected XSS at /category/ on an Atavis theme
Reported by: bugra | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

IDOR when editing email leads to Account Takeover on Atavist
Reported by: bugra | Disclosed: | Severity: Critical | Weakness: Insecure Direct Object Reference (IDOR)

Stored XSS vulnerability in comments on *.wordpress.com
Reported by: poutine_hero | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Able to comment/view in others' support tickets at https://en.instagram-brand.com/requests/dashboard
Reported by: cryptordx | Disclosed: | Severity: High | Weakness: Information Disclosure

Stored XSS in wordpress.com
Reported by: adhamsadaqah | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored

wpjobmanager - unserialize of user input
Reported by: b258ea62bf297b02afa9854 | Disclosed: | Severity: Medium

Improper markup sanitisation in Simplenote Android application
Reported by: edoverflow | Disclosed: | Weakness: UI Redressing (Clickjacking)