Automattic - HackerOne Reports
Total reports: 131 (Critical: 9, High: 28, Medium: 53, Low: 22)
[api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS
Reported by: fuzzme | Disclosed: | Severity: Low | Weakness: UI Redressing (Clickjacking)
No Rate Limit on CrowdSignal Polls when Adding Comment
Reported by: bugra | Disclosed: | Severity: Low | Weakness: Business Logic Errors
An Automattic employee's GitHub personal access token exposed in Travis CI build logs
Reported by: sainaen | Disclosed: | Severity: Medium | Weakness: Information Exposure Through an Error Message
Stored XSS in www.learnboost.com via ZIP codes.
Reported by: edoverflow | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS in learnboost.com via the lesson[goals] parameter.
Reported by: edoverflow | Disclosed: | Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url
Reported by: superpan | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value
Reported by: bugra | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic
Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media
Reported by: ali | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Insufficient DKIM record with RSA 512-bit key used on WordPress.com
Reported by: vavkamil | Disclosed: | Severity: Medium | Weakness: Inadequate Encryption Strength
Remote Code Execution in Wordpress Desktop
Reported by: mattaustin | Disclosed: | Severity: Critical | Weakness: Code Injection
DOM XSS on multiple Automattic domains through postMessages
Reported by: renniepak | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - DOM
DOM-Based XSS in tumblr.com
Reported by: keer0k | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM
Crafted frame injection leading to form-based UI redressing.
Reported by: edoverflow | Disclosed: | Weakness: UI Redressing (Clickjacking)
[intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php
Reported by: fuzzme | Disclosed: | Severity: Critical | Weakness: SQL Injection
Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
Reported by: nathand | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption
Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal
Reported by: bugra | Disclosed: | Severity: Medium
IDOR when moving contents at CrowdSignal
Reported by: bugra | Disclosed: | Severity: High | Weakness: Insecure Direct Object Reference (IDOR)
[tumblr.com] 69< Firefox Only XSS Reflected
Reported by: fuzzme | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
IDOR at 'media_code' when adding media to questions
Reported by: bugra | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)
No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal
Reported by: bugra | Disclosed: | Severity: Critical | Weakness: Improper Access Control - Generic