Automattic - HackerOne Reports
View on HackerOne
Total Reports: 131 (Critical: 9, High: 28, Medium: 53, Low: 22)

Disclosed reports
IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal
Reported by: bugra | Severity: Critical | Weakness: Insecure Direct Object Reference (IDOR)
Stored XSS on wordpress.com
Reported by: riadalrashed | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
RCE via Print function [Simplenote 1.1.3 - Desktop app]
Reported by: luigigubello | Severity: High | Weakness: Code Injection
Stored XSS Using Media
Reported by: dyoon | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Ability to subscribe to inactive Post+ creators
Reported by: ajoekerr | Severity: Low | Weakness: Business Logic Errors
Permanent DoS with one click
Reported by: asdasdasdasdasda | Severity: Medium | Weakness: Uncontrolled Resource Consumption
WooCommerce: Persistent XSS via customer address (state/county)
Reported by: foobar7 | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
Open redirect via redirect_to parameter in tumblr.com
Reported by: shivangmauryaa | Severity: Low | Weakness: Open Redirect
No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
Reported by: bugra | Severity: Low | Weakness: Business Logic Errors
CPU utilization 99% on visiting wordpress site url & open redirect found
Reported by: csanuragjain | Weakness: Open Redirect
[Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
Reported by: ysx | Severity: High | Weakness: Code Injection
Site information's Display Name section vulnerable to XSS attacks and HTML injection
Reported by: sawrav-chowdhury | Severity: Low | Weakness: Cross-site Scripting (XSS) - Stored
https://secure.gravatar.com
Reported by: isaeva | Severity: Medium
Stored XSS in intensedebate.com via the Comments RSS
Reported by: bugra | Severity: Medium
Rate Limit Misconfiguration on tumblr login
Reported by: u0pattern | Weakness: Improper Authentication - Generic
[sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload]
Reported by: superman85 | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic
[intensedebate.com] Open Redirect
Reported by: fuzzme | Weakness: Open Redirect
Improper markup sanitization
Reported by: edoverflow | Weakness: UI Redressing (Clickjacking)
DOM based XSS in the WooCommerce plugin
Reported by: wild0ni0n | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM
woocommerce - prevent_caching() bug / bypass
Reported by: b258ea62bf297b02afa9854 | Severity: Medium