Automattic - HackerOne Reports
Total Reports: 131
Critical: 9
High: 28
Medium: 53
Low: 22
Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover
Reported by: hackxsd_rootx | Severity: Low | Weakness: Cross-Site Request Forgery (CSRF)
GET /api/v2/url_info endpoint is vulnerable to Blind SSRF
Reported by: atc_h1h1 | Severity: High | Weakness: Server-Side Request Forgery (SSRF)
[app.simplenote.com] Stored XSS via Markdown SVG filter bypass
Reported by: ysx | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors
Reported by: simonscannell | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Stored XSS on wordpress.com
Reported by: riadalrashed | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce
Reported by: simonscannell | Severity: High | Weakness: Deserialization of Untrusted Data
Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com
Reported by: theamanrawat | Severity: Low | Weakness: UI Redressing (Clickjacking)
SQL Injection intensedebate.com
Reported by: lu3ky-13 | Severity: Medium | Weakness: SQL Injection
Follow by email allows for following by unverified emails
Reported by: myominthu_sec | Severity: Low | Weakness: Violation of Secure Design Principles
Captcha bypass for the most important function - At en.instagram-brand.com
Reported by: saurabhb | Severity: Medium
Broken Authentication - Security token gets captured via man in the middle attack
Reported by: saurabhb | Severity: High | Weakness: Improper Authentication - Generic
Page 7 of 7