TOPAUTOMATTIC.md

157 lines (156 loc) · 20 KB
Top reports from Automattic program at HackerOne:

  1. Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 387 upvotes, $0
  2. Stored XSS in wordpress.com to Automattic - 348 upvotes, $0
  3. IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 178 upvotes, $0
  4. Sql injection on docs.atavist.com to Automattic - 158 upvotes, $0
  5. IDOR leads to Edit Anyone's Blogs / Websites to Automattic - 144 upvotes, $0
  6. Permanent DoS with one click. to Automattic - 124 upvotes, $0
  7. SQL Injection Union Based to Automattic - 123 upvotes, $0
  8. [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 120 upvotes, $0
  9. Stored XSS vulnerability in comments on *.wordpress.com to Automattic - 114 upvotes, $0
  10. Email Verification bypass on signup to Automattic - 114 upvotes, $0
  11. Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media to Automattic - 93 upvotes, $0
  12. XSS in Email Input [intensedebate.com] to Automattic - 91 upvotes, $0
  13. DOM-Based XSS in tumblr.com to Automattic - 90 upvotes, $0
  14. SQL Injection intensedebate.com to Automattic - 87 upvotes, $0
  15. Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce to Automattic - 84 upvotes, $0
  16. IDOR when moving contents at CrowdSignal to Automattic - 76 upvotes, $0
  17. Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass to Automattic - 75 upvotes, $0
  18. Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php to Automattic - 74 upvotes, $0
  19. [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 72 upvotes, $0
  20. Unauthenticated access to webmail at maildev.happytools.dev leading to compromised wordpress site api.happytools.dev [RCE] to Automattic - 71 upvotes, $0
  21. WordPress Flash XSS in flashmediaelement.swf to Automattic - 67 upvotes, $0
  22. Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://your-subdomain.survey.fm to Automattic - 67 upvotes, $0
  23. Disclosure of 152 cookie names via crafted input to Automattic - 63 upvotes, $0
  24. Broken Authentication - Security token gets captured via man in the middle attack to Automattic - 61 upvotes, $0
  25. SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing to Automattic - 56 upvotes, $0
  26. DOM-Based XSS in tumblr.com to Automattic - 56 upvotes, $0
  27. Stored XSS on wordpress.com to Automattic - 55 upvotes, $0
  28. Wordpress VIP leaks email of the test a/c to Automattic - 52 upvotes, $0
  29. No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 52 upvotes, $0
  30. Stored XSS in Intense Debate comment system to Automattic - 52 upvotes, $0
  31. [api.tumblr.com] Denial of Service by cookies manipulation to Automattic - 51 upvotes, $0
  32. Able to comment/view in others support ticket at https://en.instagram-brand.com/requests/dashboard to Automattic - 50 upvotes, $0
  33. XSS and HTML Injection on the pressable.com search box to Automattic - 50 upvotes, $0
  34. WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $0
  35. Captcha bypass for the most important function - At en.instagram-brand.com to Automattic - 49 upvotes, $0
  36. Stored XSS in wordpress.com to Automattic - 47 upvotes, $0
  37. [intensedebate.com] No Rate Limit On The report Functionality Lead To Delete Any Comment When it is enabled to Automattic - 43 upvotes, $0
  38. [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users to Automattic - 42 upvotes, $0
  39. [intensedebate.com] XSS Reflected POST-Based to Automattic - 42 upvotes, $0
  40. Unauthenticated Private Messages DIsclosure via wordpress Rest API to Automattic - 41 upvotes, $0
  41. WooCommerce: Persistent XSS via customer address (state/county) to Automattic - 40 upvotes, $0
  42. Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors to Automattic - 40 upvotes, $0
  43. cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) to Automattic - 38 upvotes, $0
  44. DOM based XSS in the WooCommerce plugin to Automattic - 37 upvotes, $0
  45. Sensei LMS IDOR to send message to Automattic - 33 upvotes, $0
  46. Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $0
  47. Stored XSS on app.crowdsignal.com your-subdomain.crowdsignal.net via Thank You Header to Automattic - 31 upvotes, $0
  48. [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification to Automattic - 30 upvotes, $0
  49. [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS to Automattic - 30 upvotes, $0
  50. Site-wide CSRF at Atavist to Automattic - 30 upvotes, $0
  51. No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie to Automattic - 30 upvotes, $0
  52. SSRF & Blind XSS in Gravatar email to Automattic - 30 upvotes, $0
  53. Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com to Automattic - 28 upvotes, $0
  54. IDOR when editing email leads to Account Takeover on Atavist to Automattic - 28 upvotes, $0
  55. Stored XSS on wordpress.com to Automattic - 28 upvotes, $0
  56. RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 26 upvotes, $0
  57. Insufficient DKIM record with RSA 512-bit key used on WordPress.com to Automattic - 26 upvotes, $0
  58. WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers to Automattic - 26 upvotes, $0
  59. Can buy Atavist Magazine subscription for free to Automattic - 26 upvotes, $0
  60. WordPress core stored XSS via attachment file name to Automattic - 25 upvotes, $0
  61. [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} to Automattic - 25 upvotes, $0
  62. [tumblr.com] 69< Firefox Only XSS Reflected to Automattic - 24 upvotes, $0
  63. Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value to Automattic - 24 upvotes, $0
  64. IDOR in API applications (able to see any API token, leads to account takeover) to Automattic - 24 upvotes, $0
  65. xss filter bypass [polldaddy] to Automattic - 21 upvotes, $0
  66. Stored XSS in learnboost.com via the lesson[goals] parameter. to Automattic - 21 upvotes, $0
  67. Improper markup sanitization. to Automattic - 19 upvotes, $0
  68. Gaining unlimited bonus points on websites with WooCommerce Points and Rewards to Automattic - 19 upvotes, $0
  69. Rate Limit Misconfiguration on tumblr login . to Automattic - 19 upvotes, $0
  70. Reflected XSS on a Atavist theme to Automattic - 19 upvotes, $0
  71. No rate limit on app.crowdsignal.com (Finish quiz) to Automattic - 18 upvotes, $0
  72. [tumblr.com] CSRF in /svc/user/filtered_content to Automattic - 18 upvotes, $0
  73. information disclosure lead to disclose users private notes to Automattic - 18 upvotes, $0
  74. [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 17 upvotes, $0
  75. https://secure.gravatar.com to Automattic - 16 upvotes, $0
  76. [app.simplenote.com] Stored XSS via Markdown SVG filter bypass to Automattic - 16 upvotes, $0
  77. Improper markup sanitisation in Simplenote Android application. to Automattic - 16 upvotes, $0
  78. Stored XSS in www.learnboost.com via ZIP codes. to Automattic - 16 upvotes, $0
  79. Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand to Automattic - 16 upvotes, $0
  80. [intensedebate.com] Open Redirect to Automattic - 16 upvotes, $0
  81. Multiple File Manipulation bugs in WP Super Cache to Automattic - 15 upvotes, $0
  82. Arbitrary File Download as Shopmanager to Automattic - 15 upvotes, $0
  83. Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header to Automattic - 15 upvotes, $0
  84. Reflected XSS at /category/ on a Atavis theme to Automattic - 15 upvotes, $0
  85. IDOR at 'media_code' when addings media to questions to Automattic - 15 upvotes, $0
  86. Crafted frame injection leading to form-based UI redressing. to Automattic - 14 upvotes, $0
  87. No Rate Limit on CrowdSignal Polls when Adding Comment to Automattic - 14 upvotes, $0
  88. Reflected XSS on a Atavist theme at external_import.php to Automattic - 14 upvotes, $0
  89. Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal to Automattic - 13 upvotes, $0
  90. Stored XSS in intensedebate.com via the Comments RSS to Automattic - 13 upvotes, $0
  91. Akismet API keys are exposed by authentication method to Automattic - 13 upvotes, $0
  92. [bbPress] Stored XSS in any forum post. to Automattic - 12 upvotes, $0
  93. WooCommerce: Support Ticket indirect object reference to Automattic - 12 upvotes, $0
  94. Follow Button XSS to Automattic - 12 upvotes, $0
  95. Lazy Load stored XSS to Automattic - 12 upvotes, $0
  96. Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com to Automattic - 12 upvotes, $0
  97. [sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload] to Automattic - 12 upvotes, $0
  98. Invalidate session after password reset on https://polldaddy.com to Automattic - 11 upvotes, $0
  99. wpjobmanager - unserialize of user input to Automattic - 11 upvotes, $0
  100. Tab nabbing via window.opener.location (target "_blank") to Automattic - 11 upvotes, $0
  101. Reflected XSS due to vulnerable version of sockjs to Automattic - 11 upvotes, $0
  102. An Automattic employee's GitHub personal access token exposed in Travis CI build logs to Automattic - 10 upvotes, $0
  103. Stored XSS Using Media to Automattic - 10 upvotes, $0
  104. Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $0
  105. Follow by email allows for following by unverified emails to Automattic - 10 upvotes, $0
  106. Stored XSS in assets.txmblr.com to Automattic - 10 upvotes, $0
  107. Stored XSS on the "www.intensedebate.com/extras-widgets" url at "Recent comments by" module with malicious blog url to Automattic - 10 upvotes, $0
  108. Timing attack woocommerce, simplify commerce gateway to Automattic - 9 upvotes, $0
  109. woocommerce - prevent_caching() bug / bypass to Automattic - 9 upvotes, $0
  110. [public-api.wordpress.com] Stored XSS via Crafted Developer App Description to Automattic - 9 upvotes, $0
  111. Permanent DoS at https://happy.tools/ when inviting a user to Automattic - 9 upvotes, $0
  112. Ability to subscribe to inactive Post+ creators to Automattic - 9 upvotes, $0
  113. Site information's Display Name section vulnerable for XSS attacks and HTML Injections. to Automattic - 9 upvotes, $0
  114. Theme Assets uploader allows HTML content to Automattic - 8 upvotes, $0
  115. Object Injection in Woocommerce / Handle PDT Responses from PayPal to Automattic - 7 upvotes, $0
  116. GET /api/v2/url_info endpoint is vulnerable to Blind SSRF to Automattic - 7 upvotes, $0
  117. Persistent Cross-Site Scripting in WooCommerce WordPress plugin to Automattic - 6 upvotes, $0
  118. Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover to Automattic - 6 upvotes, $0
  119. De-anonymize anonymous tips through the Tumblr blog network to Automattic - 6 upvotes, $0
  120. Wordpress.com REST API oauth bypass via Cross Site Flashing to Automattic - 5 upvotes, $0
  121. Archived / Deleted / Private Poll Can Be Viewed by Another Users [Crowdsignal WordPress plugins] to Automattic - 5 upvotes, $0
  122. XSS Vulnerability in WooCommerce Product Vendors plugin to Automattic - 4 upvotes, $0
  123. XSS at www.woothemes.com to Automattic - 3 upvotes, $0
  124. Internal GET SSRF via CSRF with Press This scan feature to Automattic - 3 upvotes, $0
  125. XSS on www.wordpress.com to Automattic - 3 upvotes, $0
  126. Akismet Several CSRF vulnerabilities to Automattic - 3 upvotes, $0
  127. XSS on codex.wordpress.org to Automattic - 3 upvotes, $0
  128. CPU utilization 99% on visiting wordpress site url & open redirect found to Automattic - 3 upvotes, $0
  129. IDOR able to buy a plan with lesser fee to Automattic - 3 upvotes, $0
  130. Serving Transitions From: HTTP Protocol (not secure) to Automattic - 2 upvotes, $0
  131. logout csrf app.simplenote.com/logout to Automattic - 2 upvotes, $0
  132. HTML form without CSRF protection to Automattic - 2 upvotes, $0
  133. privilege escalation to Automattic - 2 upvotes, $0
  134. XSS in WordPress to Automattic - 2 upvotes, $0
  135. Session Cookie without Secure flag set to Automattic - 1 upvotes, $0
  136. https://polldaddy.com storage.swf XSS to Automattic - 1 upvotes, $0
  137. xss in app.simplenote.com to Automattic - 1 upvotes, $0
  138. Process of changing email address and password does not asks old Password. to Automattic - 1 upvotes, $0
  139. Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com to Automattic - 1 upvotes, $0
  140. Verification code issues for Two-Step Authentication to Automattic - 1 upvotes, $0
  141. XSS at wordpress.com to Automattic - 1 upvotes, $0
  142. Possible Timing Side-Channel in XMLRPC Verification to Automattic - 1 upvotes, $0
  143. Remove anyone's pic gravtar to Automattic - 1 upvotes, $0
  144. Simplenote Silverlight cross-domain policy misconfiguration to Automattic - 0 upvotes, $0
  145. Session Cookie without Secure flag set to Automattic - 0 upvotes, $0
  146. genericons.com - DOM based XSS. to Automattic - 0 upvotes, $0
  147. http://jetpack.me/ Self XSS to Automattic - 0 upvotes, $0
  148. information disclosure to Automattic - 0 upvotes, $0
  149. Open Redirect in WordPress Feed Statistics {Affected All Versions} to Automattic - 0 upvotes, $0
  150. xss in simperium.com to Automattic - 0 upvotes, $0
  151. Missing HSTS header in https://app.simplenote.com to Automattic - 0 upvotes, $0
  152. Missing HSTS header in https://public-api.wordpress.com to Automattic - 0 upvotes, $0
  153. XSS on gravatar to Automattic - 0 upvotes, $0
  154. User Enumeration and Guessable User Account Attack on WORDPRESS to Automattic - 0 upvotes, $0
  155. CSV Injection in polldaddy.com to Automattic - 0 upvotes, $0