Browse all 58 CVE security advisories affecting automattic. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Automattic operates as a software development company best known for creating WordPress, the widely used content management system powering a significant portion of the web. Its core business involves maintaining and distributing this open-source platform, alongside related services like hosting and e-commerce solutions. Historically, the organization has faced numerous security challenges, with 58 Common Vulnerabilities and Exposures (CVEs) recorded to date. These incidents predominantly involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from the complex plugin and theme ecosystem rather than the core software itself. While major data breaches have not been widely publicized, the sheer volume of vulnerabilities highlights the risks associated with its extensive third-party integrations. The company continues to address these issues through regular updates and security advisories, aiming to mitigate the attack surface inherent in its decentralized development model.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-57924 | WordPress Developer Plugin <= 1.2.6 - Cross Site Request Forgery (CSRF) Vulnerability — DeveloperCWE-352 | 4.3 | Medium | 2025-09-22 |
This page lists every published CVE security advisory associated with automattic. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.