Automattic - HackerOne Reports
Total Reports: 131 | Critical: 9 | High: 28 | Medium: 53 | Low: 22
IDOR in API applications (able to see any API token, leads to account takeover)
Reported by: bugra | Severity: Critical | Weakness: Insecure Direct Object Reference (IDOR)

Sensei LMS IDOR to send message
Reported by: ghimire_veshraj | Severity: Low | Weakness: Insecure Direct Object Reference (IDOR)

WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers
Reported by: simonscannell | Severity: High | Weakness: Privilege Escalation

DOM-Based XSS in tumblr.com
Reported by: keer0k | Severity: Medium | Weakness: Cross-site Scripting (XSS) - DOM

Tab nabbing via window.opener.location (target "_blank")
Reported by: subnetix | Weakness: Open Redirect

Gaining unlimited bonus points on websites with WooCommerce Points and Rewards
Reported by: kolyasapphire | Severity: High | Weakness: Business Logic Errors

[tumblr.com] CSRF in /svc/user/filtered_content
Reported by: fuzzme | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)

Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header
Reported by: 0xwega74 | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

Stored XSS in assets.txmblr.com
Reported by: keer0k | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

[FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification
Reported by: yzy9951 | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

[intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}
Reported by: fuzzme | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Reflected XSS on a Atavist theme
Reported by: bugra | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Timing attack woocommerce, simplify commerce gateway
Reported by: b258ea62bf297b02afa9854 | Severity: Medium

[bbPress] Stored XSS in any forum post.
Reported by: psych0tr1a | Weakness: Cross-site Scripting (XSS) - Generic | CVEs: CVE-2015-5622

SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing
Reported by: neex | Weakness: Information Disclosure

Wordpress VIP leaks email of the test a/c
Reported by: cryptordx | Severity: Medium | Weakness: Information Disclosure

Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins]
Reported by: apapedulimu | Severity: Low | Weakness: Improper Access Control - Generic

reflected xss in https://wordpress.com/start/account/user
Reported by: secureighty | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Persistent Cross-Site Scripting in WooCommerce WordPress plugin
Reported by: spipm | Weakness: Cross-site Scripting (XSS) - Generic

Woocommerce SQL Injection in WC_Report_Coupon_Usage
Reported by: q5ca | Severity: Medium | Weakness: SQL Injection