145 lines (141 loc) · 18 KB

TOPAUTOMATTIC.md


Top reports from Automattic program at HackerOne:

  1. Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 383 upvotes, $550
  2. Stored XSS in wordpress.com to Automattic - 345 upvotes, $650
  3. IDOR when editing users leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 177 upvotes, $650
  4. Sql injection on docs.atavist.com to Automattic - 138 upvotes, $200
  5. IDOR leads to Edit Anyone's Blogs / Websites to Automattic - 125 upvotes, $200
  6. Permanent DoS with one click. to Automattic - 123 upvotes, $250
  7. [intensedebate.com] SQL Injection Time Based On /js/commentAction/ to Automattic - 120 upvotes, $350
  8. Stored XSS vulnerability in comments on *.wordpress.com to Automattic - 114 upvotes, $350
  9. SQL Injection Union Based to Automattic - 114 upvotes, $350
  10. Email Verification bypass on signup to Automattic - 111 upvotes, $300
  11. DOM-Based XSS in tumblr.com to Automattic - 86 upvotes, $350
  12. Stored XSS on app.crowdsignal.com + your-subdomain.survey.fm via Embed Media to Automattic - 86 upvotes, $100
  13. Authenticated Code Execution through Phar deserialization in CSV Importer as Shop manager in WooCommerce to Automattic - 84 upvotes, $350
  14. XSS in Email Input [intensedebate.com] to Automattic - 82 upvotes, $100
  15. IDOR when moving contents at CrowdSignal to Automattic - 75 upvotes, $550
  16. [intensedebate.com] SQL Injection Time Based on /changeReplaceOpt.php to Automattic - 72 upvotes, $350
  17. Reflected XSS in https://www.intensedebate.com/js/getCommentLink.php to Automattic - 72 upvotes, $250
  18. SQL Injection intensedebate.com to Automattic - 71 upvotes, $350
  19. Stored XSS on https://app.crowdsignal.com/surveys/[Survey-Id]/question - Bypass to Automattic - 70 upvotes, $150
  20. WordPress Flash XSS in flashmediaelement.swf to Automattic - 68 upvotes, $1337
  21. Unauthenticated access to webmail at maildev.happytools.dev leading to compromised wordpress site api.happytools.dev [RCE] to Automattic - 67 upvotes, $200
  22. Stored Self XSS on https://app.crowdsignal.com (in Photo Insert App) + Stored XSS on https://your-subdomain.survey.fm to Automattic - 64 upvotes, $150
  23. Disclosure of 152 cookie names via crafted input to Automattic - 60 upvotes, $100
  24. Broken Authentication - Security token gets captured via man in the middle attack to Automattic - 58 upvotes, $200
  25. SSRF and local file disclosure in https://wordpress.com/media/videos/ via FFmpeg HLS processing to Automattic - 52 upvotes, $800
  26. DOM-Based XSS in tumblr.com to Automattic - 52 upvotes, $350
  27. No Email Checking at Invitation Confirmation Link leads to Account Takeover without User Interaction at CrowdSignal to Automattic - 51 upvotes, $750
  28. [api.tumblr.com] Denial of Service by cookies manipulation to Automattic - 51 upvotes, $200
  29. Wordpress VIP leaks email of the test a/c to Automattic - 51 upvotes, $100
  30. WordPress SOME bug in plupload.flash.swf leading to RCE to Automattic - 49 upvotes, $1337
  31. Stored XSS in wordpress.com to Automattic - 47 upvotes, $350
  32. Stored XSS in Intense Debate comment system to Automattic - 47 upvotes, $200
  33. Captcha bypass for the most important function - At en.instagram-brand.com to Automattic - 45 upvotes, $150
  34. [intensedebate.com] No Rate Limit On The report Functionality Lead To Delete Any Comment When it is enabled to Automattic - 43 upvotes, $200
  35. [IDOR] Attacker user can Approve/Decline AFK on the behalf of other users to Automattic - 41 upvotes, $100
  36. [intensedebate.com] XSS Reflected POST-Based to Automattic - 41 upvotes, $100
  37. WooCommerce: Persistent XSS via customer address (state/county) to Automattic - 40 upvotes, $350
  38. Stored XSS in Jetpack's Simple Payment Module by Contributors / Authors to Automattic - 40 upvotes, $350
  39. Able to comment/view in others support ticket at https://en.instagram-brand.com/requests/dashboard to Automattic - 39 upvotes, $200
  40. DOM based XSS in the WooCommerce plugin to Automattic - 37 upvotes, $275
  41. cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com ) to Automattic - 37 upvotes, $250
  42. Unauthenticated RCE in Vaultpress to Automattic - 31 upvotes, $500
  43. [FG-VD-19-022] Wordpress WooCommerce Cross-Site Scripting Vulnerability Notification to Automattic - 30 upvotes, $200
  44. [api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS to Automattic - 30 upvotes, $150
  45. Site-wide CSRF at Atavist to Automattic - 29 upvotes, $200
  46. WooCommerce Blacklist in 'map_meta_cap' leads to Privilege Escalation of Shopmanagers to Automattic - 26 upvotes, $350
  47. RCE via Print function [Simplenote 1.1.3 - Desktop app] to Automattic - 26 upvotes, $250
  48. Insufficient DKIM record with RSA 512-bit key used on WordPress.com to Automattic - 26 upvotes, $250
  49. Authentication Bypass - Chaining two vulnerabilities leads to account takeover at en.instagram-brand.com to Automattic - 26 upvotes, $175
  50. No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie to Automattic - 26 upvotes, $150
  51. WordPress core stored XSS via attachment file name to Automattic - 25 upvotes, $500
  52. [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id} to Automattic - 25 upvotes, $150
  53. Can buy Atavist Magazine subscription for free to Automattic - 25 upvotes, $100
  54. [tumblr.com] 69< Firefox Only XSS Reflected to Automattic - 24 upvotes, $250
  55. IDOR when editing email leads to Account Takeover on Atavist to Automattic - 23 upvotes, $150
  56. Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value to Automattic - 23 upvotes, $100
  57. xss filter bypass [polldaddy] to Automattic - 21 upvotes, $150
  58. Stored XSS in learnboost.com via the lesson[goals] parameter. to Automattic - 21 upvotes, $100
  59. Rate Limit Misconfiguration on tumblr login . to Automattic - 19 upvotes, $100
  60. [tumblr.com] CSRF in /svc/user/filtered_content to Automattic - 18 upvotes, $200
  61. Improper markup sanitization. to Automattic - 18 upvotes, $150
  62. Gaining unlimited bonus points on websites with WooCommerce Points and Rewards to Automattic - 18 upvotes, $150
  63. Reflected XSS on a Atavist theme to Automattic - 18 upvotes, $150
  64. No rate limit on app.crowdsignal.com (Finish quiz) to Automattic - 18 upvotes, $75
  65. Improper markup sanitisation in Simplenote Android application. to Automattic - 16 upvotes, $300
  66. [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron to Automattic - 16 upvotes, $250
  67. [app.simplenote.com] Stored XSS via Markdown SVG filter bypass to Automattic - 16 upvotes, $200
  68. https://secure.gravatar.com to Automattic - 16 upvotes, $150
  69. Stored XSS in www.learnboost.com via ZIP codes. to Automattic - 16 upvotes, $100
  70. [intensedebate.com] Open Redirect to Automattic - 16 upvotes, $75
  71. Arbitrary File Download as Shopmanager to Automattic - 15 upvotes, $350
  72. No Rate Limit on CrowdSignal Polls when Adding Comment to Automattic - 15 upvotes, $150
  73. Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand to Automattic - 15 upvotes, $100
  74. Multiple File Manipulation bugs in WP Super Cache to Automattic - 14 upvotes, $150
  75. Reflected XSS at /category/ on a Atavis theme to Automattic - 14 upvotes, $150
  76. IDOR at 'media_code' when addings media to questions to Automattic - 14 upvotes, $150
  77. Crafted frame injection leading to form-based UI redressing. to Automattic - 14 upvotes, $100
  78. Reflected XSS on a Atavist theme at external_import.php to Automattic - 13 upvotes, $150
  79. [bbPress] Stored XSS in any forum post. to Automattic - 12 upvotes, $300
  80. Lazy Load stored XSS to Automattic - 12 upvotes, $275
  81. Denial-of- service By Cache Poisoning The Cross-Origin Resource Sharing Misconfiguration Allow Origin Header to Automattic - 12 upvotes, $200
  82. Users can bypass page restrictions via Export feature at "Share" feature in CrowdSignal to Automattic - 12 upvotes, $150
  83. Follow Button XSS to Automattic - 12 upvotes, $100
  84. Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com to Automattic - 12 upvotes, $75
  85. wpjobmanager - unserialize of user input to Automattic - 11 upvotes, $250
  86. information disclosure lead to disclose users private notes to Automattic - 11 upvotes, $150
  87. Invalidate session after password reset on https://polldaddy.com to Automattic - 11 upvotes, $0
  88. An Automattic employee's GitHub personal access token exposed in Travis CI build logs to Automattic - 10 upvotes, $500
  89. Remote Code Execution in Wordpress Desktop to Automattic - 10 upvotes, $250
  90. Stored XSS Using Media to Automattic - 10 upvotes, $150
  91. Follow by email allows for following by unverified emails to Automattic - 10 upvotes, $100
  92. WooCommerce: Support Ticket indirect object reference to Automattic - 10 upvotes, $50
  93. Tab nabbing via window.opener.location (target "_blank") to Automattic - 10 upvotes, $0
  94. [public-api.wordpress.com] Stored XSS via Crafted Developer App Description to Automattic - 9 upvotes, $200
  95. Timing attack woocommerce, simplify commerce gateway to Automattic - 9 upvotes, $150
  96. woocommerce - prevent_caching() bug / bypass to Automattic - 9 upvotes, $150
  97. [sub.wordpress.com] - XSS when adjust block Poll - Confirmation Message - On submission:Redirect to another webpage - Redirect address:[xss_payload] to Automattic - 8 upvotes, $350
  98. Permanent DoS at https://happy.tools/ when inviting a user to Automattic - 8 upvotes, $150
  99. Theme Assets uploader allows HTML content to Automattic - 8 upvotes, $100
  100. Stored XSS in assets.txmblr.com to Automattic - 8 upvotes, $0
  101. Object Injection in Woocommerce / Handle PDT Responses from PayPal to Automattic - 7 upvotes, $300
  102. GET /api/v2/url_info endpoint is vulnerable to Blind SSRF to Automattic - 7 upvotes, $0
  103. Non-changing "_idnonce" value leads to CSRF on accounts at https://intensedebate.com for account takeover to Automattic - 6 upvotes, $0
  104. Wordpress.com REST API oauth bypass via Cross Site Flashing to Automattic - 5 upvotes, $150
  105. Persistent Cross-Site Scripting in WooCommerce WordPress plugin to Automattic - 5 upvotes, $75
  106. XSS Vulnerability in WooCommerce Product Vendors plugin to Automattic - 4 upvotes, $225
  107. Internal GET SSRF via CSRF with Press This scan feature to Automattic - 3 upvotes, $250
  108. XSS on www.wordpress.com to Automattic - 3 upvotes, $75
  109. Akismet Several CSRF vulnerabilities to Automattic - 3 upvotes, $75
  110. XSS on codex.wordpress.org to Automattic - 3 upvotes, $75
  111. CPU utilization 99% on visiting wordpress site url & open redirect found to Automattic - 3 upvotes, $75
  112. XSS in WordPress to Automattic - 2 upvotes, $100
  113. XSS at www.woothemes.com to Automattic - 2 upvotes, $75
  114. logout csrf app.simplenote.com/logout to Automattic - 2 upvotes, $0
  115. HTML form without CSRF protection to Automattic - 2 upvotes, $0
  116. privilege escalation to Automattic - 1 upvotes, $250
  117. Verification code issues for Two-Step Authentication to Automattic - 1 upvotes, $100
  118. XSS at wordpress.com to Automattic - 1 upvotes, $75
  119. Remove anyone's pic gravtar to Automattic - 1 upvotes, $75
  120. Possible Timing Side-Channel in XMLRPC Verification to Automattic - 1 upvotes, $50
  121. Session Cookie without Secure flag set to Automattic - 1 upvotes, $0
  122. Serving Transitions From: HTTP Protocol (not secure) to Automattic - 1 upvotes, $0
  123. https://polldaddy.com storage.swf XSS to Automattic - 1 upvotes, $0
  124. xss in app.simplenote.com to Automattic - 1 upvotes, $0
  125. Process of changing email address and password does not asks old Password. to Automattic - 1 upvotes, $0
  126. CSV Injection in polldaddy.com to Automattic - 0 upvotes, $75
  127. Simplenote Silverlight cross-domain policy misconfiguration to Automattic - 0 upvotes, $0
  128. Session Cookie without Secure flag set to Automattic - 0 upvotes, $0
  129. genericons.com - DOM based XSS. to Automattic - 0 upvotes, $0
  130. http://jetpack.me/ Self XSS to Automattic - 0 upvotes, $0
  131. information disclosure to Automattic - 0 upvotes, $0
  132. Open Redirect in WordPress Feed Statistics {Affected All Versions} to Automattic - 0 upvotes, $0
  133. xss in simperium.com to Automattic - 0 upvotes, $0
  134. Top 10 2013-A2-Broken Authentication and Session Management - wordpress.com to Automattic - 0 upvotes, $0
  135. Missing HSTS header in https://app.simplenote.com to Automattic - 0 upvotes, $0
  136. Missing HSTS header in https://public-api.wordpress.com to Automattic - 0 upvotes, $0
  137. XSS on gravatar to Automattic - 0 upvotes, $0
  138. User Enumeration and Guessable User Account Attack on WORDPRESS to Automattic - 0 upvotes, $0
