Skip to content

Latest commit

 

History

History
165 lines (164 loc) · 21.2 KB

TOPAUTOMATTIC.md

File metadata and controls

165 lines (164 loc) · 21.2 KB
Raw

Top reports from Automattic program at HackerOne:

  1. Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 391 upvotes, $0
  2. Stored XSS in wordpress.com to Automattic - 350 upvotes, $0
  3. IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 187 upvotes, $0
  4. Sql injection on docs.atavist.com to Automattic - 161 upvotes, $0
  5. IDOR leads to Edit Anyone's Blogs / Websites to Automattic - 158 upvotes, $0
  6. Permanent DoS with one click. to Automattic - 126 upvotes, $0
  7. SQL Injection Union Based to Automattic - 126 upvotes, $0
  8. [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 123 upvotes, $0
  9. Email Verification bypass on signup to Automattic - 120 upvotes, $0
  10. Stored XSS vulnerability in comments on *.wordpress.com to Automattic - 114 upvotes, $0
  11. XSS in Email Input [intensedebate.com] to Automattic - 99 upvotes, $0
  12. Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media to Automattic - 94 upvotes, $0
  13. SQL Injection intensedebate.com to Automattic - 93 upvotes, $0
  14. DOM-Based XSS in tumblr.com to Automattic - 90 upvotes, $0
  15. Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce to Automattic - 84 upvotes, $0
  16. DOM XSS on multiple Automattic domains through postMessages to Automattic - 84 upvotes, $0
  17. IDOR when moving contents at CrowdSignal to Automattic - 83 upvotes, $0
  18. Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass to Automattic - 76 upvotes, $0
  19. [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 74 upvotes, $0
  20. Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php to Automattic - 74 upvotes, $0
  21. Unauthenticated access to webmail at maildev.happytools.dev leading to compromised wordpress site api.happytools.dev [RCE] to Automattic - 71 upvotes, $0
  22. WordPress Flash XSS in flashmediaelement.swf to Automattic - 67 upvotes, $0
  23. Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://your-subdomain.survey.fm to Automattic - 67 upvotes, $0
  24. Disclosure of 152 cookie names via crafted input to Automattic - 64 upvotes, $0
  25. Broken Authentication - Security token gets captured via man in the middle attack to Automattic - 62 upvotes, $0
  26. SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing to Automattic - 59 upvotes, $0
  27. Stored XSS on wordpress.com to Automattic - 59 upvotes, $0
  28. DOM-Based XSS in tumblr.com to Automattic - 56 upvotes, $0
  29. No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 55 upvotes, $0
  30. Captcha bypass for the most important function - At en.instagram-brand.com to Automattic - 54 upvotes, $0
  31. Wordpress VIP leaks email of the test a/c to Automattic - 52 upvotes, $0
  32. [api.tumblr.com] Denial of Service by cookies manipulation to Automattic - 52 upvotes, $0
  33. Stored XSS in Intense Debate comment system to Automattic - 52 upvotes, $0
  34. Able to comment/view in others support ticket at https://en.instagram-brand.com/requests/dashboard to Automattic - 51 upvotes, $0
  35. XSS and HTML Injection on the pressable.com search box to Automattic - 51 upvotes, $0
  36. WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $0
  37. Stored XSS in wordpress.com to Automattic - 47 upvotes, $0
  38. [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users to Automattic - 46 upvotes, $0
  39. [intensedebate.com] No Rate Limit On The report Functionality Lead To Delete Any Comment When it is enabled to Automattic - 46 upvotes, $0
  40. Unauthenticated Private Messages DIsclosure via wordpress Rest API to Automattic - 43 upvotes, $0
  41. [intensedebate.com] XSS Reflected POST-Based to Automattic - 42 upvotes, $0
  42. Authentication & Registration Bypass in Newspack Extended Access to Automattic - 42 upvotes, $0
  43. Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors to Automattic - 41 upvotes, $0
  44. WooCommerce: Persistent XSS via customer address (state/county) to Automattic - 40 upvotes, $0
  45. reflected xss in https://wordpress.com/start/account/user to Automattic - 39 upvotes, $0
  46. cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) to Automattic - 38 upvotes, $0
  47. DOM based XSS in the WooCommerce plugin to Automattic - 37 upvotes, $0
  48. Authentication bypass on JetPack SSO manager - Allows to access the administration panel of wordpress without user interaction to Automattic - 37 upvotes, $0
  49. Authentication & Registration Bypass in Newspack Extended Access to Automattic - 37 upvotes, $0
  50. Sensei LMS IDOR to send message to Automattic - 35 upvotes, $0
  51. IDOR in API applications (able to see any API token, leads to account takeover) to Automattic - 33 upvotes, $0
  52. Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header to Automattic - 33 upvotes, $0
  53. IDOR when editing email leads to Account Takeover on Atavist to Automattic - 32 upvotes, $0
  54. SSRF & Blind XSS in Gravatar email to Automattic - 32 upvotes, $0
  55. Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $0
  56. Stored XSS on wordpress.com to Automattic - 31 upvotes, $0
  57. [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification to Automattic - 30 upvotes, $0
  58. [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS to Automattic - 30 upvotes, $0
  59. Site-wide CSRF at Atavist to Automattic - 30 upvotes, $0
  60. No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie to Automattic - 30 upvotes, $0
  61. Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com to Automattic - 29 upvotes, $0
  62. Open redirect via redirect_to parameter in tumblr.com to Automattic - 29 upvotes, $0
  63. RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 27 upvotes, $0
  64. Insufficient DKIM record with RSA 512-bit key used on WordPress.com to Automattic - 27 upvotes, $0
  65. Can buy Atavist Magazine subscription for free to Automattic - 27 upvotes, $0
  66. WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers to Automattic - 26 upvotes, $0
  67. WordPress core stored XSS via attachment file name to Automattic - 25 upvotes, $0
  68. [tumblr.com] 69< Firefox Only XSS Reflected to Automattic - 25 upvotes, $0
  69. Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value to Automattic - 25 upvotes, $0
  70. [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} to Automattic - 25 upvotes, $0
  71. Timeline API returns private post when target of a push notification to Automattic - 24 upvotes, $0
  72. information disclosure lead to disclose users private notes to Automattic - 23 upvotes, $0
  73. xss filter bypass [polldaddy] to Automattic - 21 upvotes, $0
  74. Stored XSS in learnboost.com via the lesson[goals] parameter. to Automattic - 21 upvotes, $0
  75. Gaining unlimited bonus points on websites with WooCommerce Points and Rewards to Automattic - 21 upvotes, $0
  76. Improper markup sanitization. to Automattic - 19 upvotes, $0
  77. No rate limit on app.crowdsignal.com (Finish quiz) to Automattic - 19 upvotes, $0
  78. Rate Limit Misconfiguration on tumblr login . to Automattic - 19 upvotes, $0
  79. Reflected XSS on a Atavist theme to Automattic - 19 upvotes, $0
  80. IDOR at 'media_code' when addings media to questions to Automattic - 18 upvotes, $0
  81. [tumblr.com] CSRF in /svc/user/filtered_content to Automattic - 18 upvotes, $0
  82. [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 17 upvotes, $0
  83. Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand to Automattic - 17 upvotes, $0
  84. [intensedebate.com] Open Redirect to Automattic - 17 upvotes, $0
  85. https://secure.gravatar.com to Automattic - 16 upvotes, $0
  86. [app.simplenote.com] Stored XSS via Markdown SVG filter bypass to Automattic - 16 upvotes, $0
  87. Improper markup sanitisation in Simplenote Android application. to Automattic - 16 upvotes, $0
  88. Stored XSS in www.learnboost.com via ZIP codes. to Automattic - 16 upvotes, $0
  89. Multiple File Manipulation bugs in WP Super Cache to Automattic - 15 upvotes, $0
  90. Arbitrary File Download as Shopmanager to Automattic - 15 upvotes, $0
  91. Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header to Automattic - 15 upvotes, $0
  92. Reflected XSS at /category/ on a Atavis theme to Automattic - 15 upvotes, $0
  93. WooCommerce: Support Ticket indirect object reference to Automattic - 14 upvotes, $0
  94. Crafted frame injection leading to form-based UI redressing. to Automattic - 14 upvotes, $0
  95. No Rate Limit on CrowdSignal Polls when Adding Comment to Automattic - 14 upvotes, $0
  96. Reflected XSS on a Atavist theme at external_import.php to Automattic - 14 upvotes, $0
  97. Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal to Automattic - 14 upvotes, $0
  98. Stored XSS in intensedebate.com via the Comments RSS to Automattic - 14 upvotes, $0
  99. Akismet API keys are exposed by authentication method to Automattic - 14 upvotes, $0
  100. Entering passwords on the Share Login Page can lead to a brute-force attack to Automattic - 14 upvotes, $0
  101. [sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload] to Automattic - 13 upvotes, $0
  102. [bbPress] Stored XSS in any forum post. to Automattic - 12 upvotes, $0
  103. Follow Button XSS to Automattic - 12 upvotes, $0
  104. Lazy Load stored XSS to Automattic - 12 upvotes, $0
  105. Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com to Automattic - 12 upvotes, $0
  106. Invalidate session after password reset on https://polldaddy.com to Automattic - 11 upvotes, $0
  107. wpjobmanager - unserialize of user input to Automattic - 11 upvotes, $0
  108. Tab nabbing via window.opener.location (target "_blank") to Automattic - 11 upvotes, $0
  109. Permanent DoS at https://happy.tools/ when inviting a user to Automattic - 11 upvotes, $0
  110. Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url to Automattic - 11 upvotes, $0
  111. Reflected XSS due to vulnerable version of sockjs to Automattic - 11 upvotes, $0
  112. An Automattic employee's GitHub personal access token exposed in Travis CI build logs to Automattic - 10 upvotes, $0
  113. Stored XSS Using Media to Automattic - 10 upvotes, $0
  114. Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $0
  115. Follow by email allows for following by unverified emails to Automattic - 10 upvotes, $0
  116. Stored XSS in assets.txmblr.com to Automattic - 10 upvotes, $0
  117. Ability to subscribe to inactive Post+ creators to Automattic - 10 upvotes, $0
  118. Timing attack woocommerce, simplify commerce gateway to Automattic - 9 upvotes, $0
  119. woocommerce - prevent_caching() bug / bypass to Automattic - 9 upvotes, $0
  120. [public-api.wordpress.com] Stored XSS via Crafted Developer App Description to Automattic - 9 upvotes, $0
  121. Site information's Display Name section vulnerable for XSS attacks and HTML Injections. to Automattic - 9 upvotes, $0
  122. Theme Assets uploader allows HTML content to Automattic - 8 upvotes, $0
  123. GET /api/v2/url_info endpoint is vulnerable to Blind SSRF to Automattic - 8 upvotes, $0
  124. Object Injection in Woocommerce / Handle PDT Responses from PayPal to Automattic - 7 upvotes, $0
  125. Persistent Cross-Site Scripting in WooCommerce WordPress plugin to Automattic - 6 upvotes, $0
  126. Wordpress.com REST API oauth bypass via Cross Site Flashing to Automattic - 6 upvotes, $0
  127. Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover to Automattic - 6 upvotes, $0
  128. De-anonymize anonymous tips through the Tumblr blog network to Automattic - 6 upvotes, $0
  129. privilege escalation to Automattic - 5 upvotes, $0
  130. IDOR able to buy a plan with lesser fee to Automattic - 5 upvotes, $0
  131. Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins] to Automattic - 5 upvotes, $0
  132. HTML form without CSRF protection to Automattic - 4 upvotes, $0
  133. XSS Vulnerability in WooCommerce Product Vendors plugin to Automattic - 4 upvotes, $0
  134. Serving Transitions From: HTTP Protocol (not secure) to Automattic - 3 upvotes, $0
  135. logout csrf app.simplenote.com/logout to Automattic - 3 upvotes, $0
  136. XSS in WordPress to Automattic - 3 upvotes, $0
  137. XSS at www.woothemes.com to Automattic - 3 upvotes, $0
  138. Internal GET SSRF via CSRF with Press This scan feature to Automattic - 3 upvotes, $0
  139. XSS on www.wordpress.com to Automattic - 3 upvotes, $0
  140. Akismet Several CSRF vulnerabilities to Automattic - 3 upvotes, $0
  141. XSS on codex.wordpress.org to Automattic - 3 upvotes, $0
  142. CPU utilization 99% on visiting wordpress site url & open redirect found to Automattic - 3 upvotes, $0
  143. Session Cookie without Secure flag set to Automattic - 2 upvotes, $0
  144. https://polldaddy.com storage.swf XSS to Automattic - 2 upvotes, $0
  145. xss in app.simplenote.com to Automattic - 2 upvotes, $0
  146. Process of changing email address and password does not asks old Password. to Automattic - 2 upvotes, $0
  147. Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com to Automattic - 2 upvotes, $0
  148. Verification code issues for Two-Step Authentication to Automattic - 2 upvotes, $0
  149. Remove anyone's pic gravtar to Automattic - 2 upvotes, $0
  150. Simplenote Silverlight cross-domain policy misconfiguration to Automattic - 1 upvotes, $0
  151. Session Cookie without Secure flag set to Automattic - 1 upvotes, $0
  152. genericons.com - DOM based XSS. to Automattic - 1 upvotes, $0
  153. http://jetpack.me/ Self XSS to Automattic - 1 upvotes, $0
  154. information disclosure to Automattic - 1 upvotes, $0
  155. Open Redirect in WordPress Feed Statistics {Affected All Versions} to Automattic - 1 upvotes, $0
  156. xss in simperium.com to Automattic - 1 upvotes, $0
  157. Missing HSTS header in https://app.simplenote.com to Automattic - 1 upvotes, $0
  158. Missing HSTS header in https://public-api.wordpress.com to Automattic - 1 upvotes, $0
  159. XSS on gravatar to Automattic - 1 upvotes, $0
  160. User Enumeration and Guessable User Account Attack on WORDPRESS to Automattic - 1 upvotes, $0
  161. CSV Injection in polldaddy.com to Automattic - 1 upvotes, $0
  162. XSS at wordpress.com to Automattic - 1 upvotes, $0
  163. Possible Timing Side-Channel in XMLRPC Verification to Automattic - 1 upvotes, $0