Sensata Technologies
Company Details
Linkedin ID:
sensata-technologies
Website:
Employees number:
7,525
Number of followers:
112,112
NAICS:
335
Industry Type:
Homepage:
sensata.com
IP Addresses:
0
Company ID:
SEN_1557367
Scan Status:
In-progress
Sensata Technologies Company CyberSecurity Posture
sensata.com
Sensata Technologies (NYSE: ST) is one of the world's leading suppliers of sensing, electrical protection, control and power management solutions with operations and business centers in 14 countries. Sensata's products improve safety, efficiency and comfort for millions of people every day in automotive, appliance, aircraft, industrial, military, heavy vehicle, heating, air-conditioning and ventilation, data, telecommunications, recreational vehicle and marine applications. Headquartered in Attleboro, Massachusetts, Sensata is a $4 billion+ business with over 21,000 employees worldwide. We pride ourselves on being a leading global company with strong, local decision making and innovative, complex products that make a real difference. For over 100 years we have practiced deep understanding, impressive collaboration, practical creativity and unwavering integrity. Note to applicants for positions in the United States: Sensata is an Equal Employment Opportunity (EEO) / Affirmative Action (AA) /Minorities/Females/Protected Veterans/Disabled Employer.
Sensata Technologies A.I CyberSecurity Scoring
Sensata Technologies Risk Score (AI oriented)Between 0 and 549
Sensata Technologies
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Sensata Technologies Global Score (TPRM)XXXX
Sensata Technologies
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Sensata Technologies Company CyberSecurity News & History
Past Incidents
3
Attack Types
1
Sensata Technologies
Ransomware
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: Sensata Technologies, a global industrial tech firm specializing in mission-critical sensors, controls, and electrical protection systems, suffered a ransomware attack on April 6, 2025, resulting in data theft. The breach affected current and former employees and their dependents, compromising sensitive information such as full names, addresses, Social Security Numbers, driver's license numbers, financial account information, and health insurance information. The attack disrupted the company's shipping, manufacturing, and other business operations. Sensata is offering one year of credit monitoring and identity theft protection to impacted individuals.
Sensata Technologies
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Sensata Technologies, a leading industrial technology firm, experienced a ransomware attack that resulted in the theft of personal and protected health information of 15,630 members of the company’s Health and Welfare Benefit Plan. The data stolen included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information, and health insurance information. The company implemented response protocols and offered complimentary credit and identity monitoring to affected individuals.
Sensata Technologies Holding plc
Ransomware
Rankiteo Explanation
Attack threatening the organization's existence
Description: Sensata Technologies Holding plc experienced a ransomware incident in April 2025 that compromised personal information including names, Social Security numbers, Tax ID numbers, government-issued ID numbers, financial account info, payment card info, medical info, health insurance info, and dates of birth. The attack impacted the company's operations, including shipping, receiving, manufacturing production, and various other support functions. The incident was first detected on March 28, 2025, and the company offered victims 12 months of free identity restoration through Experian.
Sensata Technologies Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Sensata Technologies
Incidents vs Appliances, Electrical, and Electronics Manufacturing Industry Average (This Year)
Sensata Technologies has 252.94% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Sensata Technologies has 284.62% more incidents than the average of all companies with at least one recorded incident.
Incident Types Sensata Technologies vs Appliances, Electrical, and Electronics Manufacturing Industry Avg (This Year)
Sensata Technologies reported 3 incidents this year: 0 cyber attacks, 3 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — Sensata Technologies (X = Date, Y = Severity)
Sensata Technologies cyber incidents detection timeline including parent company and subsidiaries
Sensata Technologies Company Subsidiaries
Sensata Technologies (NYSE: ST) is one of the world's leading suppliers of sensing, electrical protection, control and power management solutions with operations and business centers in 14 countries. Sensata's products improve safety, efficiency and comfort for millions of people every day in automotive, appliance, aircraft, industrial, military, heavy vehicle, heating, air-conditioning and ventilation, data, telecommunications, recreational vehicle and marine applications. Headquartered in Attleboro, Massachusetts, Sensata is a $4 billion+ business with over 21,000 employees worldwide. We pride ourselves on being a leading global company with strong, local decision making and innovative, complex products that make a real difference. For over 100 years we have practiced deep understanding, impressive collaboration, practical creativity and unwavering integrity. Note to applicants for positions in the United States: Sensata is an Equal Employment Opportunity (EEO) / Affirmative Action (AA) /Minorities/Females/Protected Veterans/Disabled Employer.
Loading...
Sensata Technologies Similar Companies
Bharat Heavy Electricals Limited
Established in 1964, BHEL is one of India's largest engineering and manufacturing enterprises in the energy and infrastructure sectors, and a leading power equipment manufacturer globally. BHEL serves the core sectors of the economy and provides a comprehensive portfolio of products, systems and ser
Keysight empowers innovators to explore, design, and bring world-changing technologies to life. As the industry’s premier global innovation partner, Keysight’s software-centric solutions serve engineers across the design and development environment, enabling them to deliver tomorrow’s breakthroughs
Established in 1984, Haier Group is a world-leading provider of solutions to better life. Focusing on user experience, Haier has been included on the list of BrandZ™ Top 100 Most Valuable Global Brands for two consecutive years as the world’s first and only IoT ecosystem brand. Haier has topped Glob
Midea Group
Midea Group aspires to the vision of “Bringing Great Innovations to Life”, upholding the Founders’ philosophy of creating a better life through technology. Midea Group has evolved into a global leading technology company specializing in five major business areas: Smart Home Business, Industrial and
Havells India Ltd
Havells India Limited is a leading FMEG company with a strong global presence, manufacturing a wide range of electrical products for residential, commercial, and industrial use. Key brands include Havells, Havells Studio, Lloyd, Havells Crabtree, Standard Electricals and REO. With a focus on innova
Honeywell is a Fortune 500 company that invents and manufactures technologies to address tough challenges linked to global macrotrends such as safety, security, and energy. With approximately 110,000 employees worldwide, including more than 19,000 engineers and scientists, we have an unrelenting foc
Delta Electronics
Delta is a global innovative provider of switching power supplies and DC brushless fans, as well as a major source for power management solutions, components, visual displays, industrial automation, networking products, and renewable energy solutions. Delta Group has sales offices worldwide and manu
Volex is a global leader in integrated manufacturing for performance-critical applications and a supplier of power products. We serve a diverse range of markets and customers, with particular expertise in cable assemblies, higher-level assemblies, data centre power and connectivity, electric vehic
Sanmina
Sanmina Corporation (Nasdaq: SANM) is a leading integrated manufacturing solutions provider serving the fastest-growing segments of the global Electronics Manufacturing Services (EMS) market. Recognized as a technology leader, Sanmina Corporationprovides end-to-end manufacturing solutions, deliverin
.png)
Sensata Technologies CyberSecurity News
October 30, 2025 07:00 AM
Sensata Technologies Holding PLC (ST) Q3 2025 Earnings Call Highlights: Navigating Challenges ...
Sensata Technologies Holding PLC (ST) reports strong Q3 results with strategic initiatives driving growth despite market challenges.
October 28, 2025 07:00 AM
Sensata Technologies (NYSE:ST) Exceeds Q3 Expectations
Sensor manufacturer Sensata Technology (NYSE:ST) reported revenue ahead of Wall Street's expectations in Q3 CY2025, but sales fell by 5.2%...
October 28, 2025 07:00 AM
Sensata Technologies Reports Third Quarter 2025 Financial Results
SWINDON, United Kingdom--(BUSINESS WIRE)--Sensata Technologies (NYSE: ST) today announced financial results for its third quarter ended...
October 23, 2025 07:00 AM
Sensata Technologies Board Approves Q4 2025 Dividend of $0.12 Per Share
SWINDON, United Kingdom, October 23, 2025--(BUSINESS WIRE)--Sensata Technologies (NYSE: ST) today announced that its Board of Directors...
October 16, 2025 07:00 AM
Sensata Technologies Stock Earns RS Rating Upgrade
The Relative Strength (RS) Rating for Sensata Technologies stock moved into a higher percentile Thursday, as it got a lift from 64 to 71.
October 03, 2025 07:00 AM
Why manufacturing CEOs must treat cybersecurity as a boardroom priority - ET Edge Insights
Manufacturing has always been the backbone of economies, but today it is also one of the most vulnerable industries in the digital age.
September 15, 2025 07:00 AM
Are Investors Undervaluing Sensata Technologies Holding (ST) Right Now?
Here at Zacks, our focus is on the proven Zacks Rank system, which emphasizes earnings estimates and estimate revisions to find great stocks...
September 03, 2025 07:00 AM
1.2% earnings growth over 5 years has not materialized into gains for Sensata Technologies Holding (NYSE:ST) shareholders over that period
Sensata Technologies Holding plc ( NYSE:ST ) shareholders should be happy to see the share price up 20% in the last...
August 13, 2025 07:00 AM
Sensata Technologies, Vishay Intertechnology, Power Integrations, Entegris, and Amtech Shares Skyrocket, What You Need To Know
A number of stocks jumped in the afternoon session after the semiconductor sector continued to rally as a favorable July inflation report...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Sensata Technologies CyberSecurity History Information
Official Website of Sensata Technologies
The official website of Sensata Technologies is http://www.sensata.com.
Sensata Technologies’s AI-Generated Cybersecurity Score
According to Rankiteo, Sensata Technologies’s AI-generated cybersecurity score is 365, reflecting their Critical security posture.
How many security badges does Sensata Technologies’ have ?
According to Rankiteo, Sensata Technologies currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Sensata Technologies have SOC 2 Type 1 certification ?
According to Rankiteo, Sensata Technologies is not certified under SOC 2 Type 1.
Does Sensata Technologies have SOC 2 Type 2 certification ?
According to Rankiteo, Sensata Technologies does not hold a SOC 2 Type 2 certification.
Does Sensata Technologies comply with GDPR ?
According to Rankiteo, Sensata Technologies is not listed as GDPR compliant.
Does Sensata Technologies have PCI DSS certification ?
According to Rankiteo, Sensata Technologies does not currently maintain PCI DSS compliance.
Does Sensata Technologies comply with HIPAA ?
According to Rankiteo, Sensata Technologies is not compliant with HIPAA regulations.
Does Sensata Technologies have ISO 27001 certification ?
According to Rankiteo,Sensata Technologies is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Sensata Technologies
Sensata Technologies operates primarily in the Appliances, Electrical, and Electronics Manufacturing industry.
Number of Employees at Sensata Technologies
Sensata Technologies employs approximately 7,525 people worldwide.
Subsidiaries Owned by Sensata Technologies
Sensata Technologies presently has no subsidiaries across any sectors.
Sensata Technologies’s LinkedIn Followers
Sensata Technologies’s official LinkedIn profile has approximately 112,112 followers.
NAICS Classification of Sensata Technologies
Sensata Technologies is classified under the NAICS code 335, which corresponds to Electrical Equipment, Appliance, and Component Manufacturing.
Sensata Technologies’s Presence on Crunchbase
Yes, Sensata Technologies has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/sensata-technologies.
Sensata Technologies’s Presence on LinkedIn
Yes, Sensata Technologies maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/sensata-technologies.
Cybersecurity Incidents Involving Sensata Technologies
As of December 21, 2025, Rankiteo reports that Sensata Technologies has experienced 3 cybersecurity incidents.
Number of Peer and Competitor Companies
Sensata Technologies has an estimated 9,373 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Sensata Technologies ?
Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.
How does Sensata Technologies detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an third party assistance with experian for identity restoration, and remediation measures with interim measures to restore certain functions, and and recovery measures with enrollment in one year of credit monitoring and identity theft protection service, and incident response plan activated with yes, and third party assistance with yes, and law enforcement notified with yes, and containment measures with implemented response protocols, and remediation measures with enhanced security measures, and communication strategy with individual notification letters, complimentary credit and identity monitoring..
Incident Details
Can you provide details on each incident ?
Title: Sensata Data Breach and Ransomware Attack
Description: Industrial tech maker Sensata confirmed a data breach in April 2025 that compromised personal information including names, Social Security numbers, tax ID numbers, government-issued ID numbers, financial account info, payment card info, medical info, health insurance info, and dates of birth. The company notified 362 people in Maine alone. The attack, which started on March 28, 2025, involved ransomware that encrypted certain devices and impacted operations, including shipping, receiving, manufacturing production, and various support functions.
Date Detected: 2025-03-28
Date Publicly Disclosed: 2025-04-06
Type: Ransomware and Data Breach
Title: Sensata Technologies Ransomware Data Breach
Description: Sensata Technologies suffered a data breach and ransomware attack, impacting its shipping, manufacturing, and other business operations. The breach exposed personal information of current and former employees and their dependents.
Date Detected: 2025-04-06
Date Publicly Disclosed: 2025-05-23
Type: Ransomware and Data Breach
Title: PHI Stolen in Sensata Technologies Ransomware Attack
Description: A ransomware attack on Sensata Technologies involved the theft of health and wellness plan data. A former Evoke Wellness employee has been accused of stealing patient data for identity theft, and limited PHI has been impermissibly disclosed due to mailing errors at Blue Shield of California and AffirmedRx PBC.
Date Detected: 2025-04-06
Type: Ransomware
Attack Vector: Ransomware
Motivation: Data Theft
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware and Data Breach SEN410060825
Data Compromised: Names, Social security numbers, Tax id numbers, Government-issued id numbers, Financial account info, Payment card info, Medical info, Health insurance info, Dates of birth
Systems Affected: ShippingReceivingManufacturing productionVarious support functions
Operational Impact: Temporary impact on operations
Incident : Ransomware and Data Breach SEN901060925
Data Compromised: Full name, Address, Social security number (ssn), Driver's license number, State id card number, Passport number, Financial account information, Payment card information, Medical information, Health insurance information, Date of birth
Systems Affected: ShippingManufacturingOther business operations
Incident : Ransomware SEN641061725
Data Compromised: Phi, Pii
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Social Security Numbers, Tax Id Numbers, Government-Issued Id Numbers, Financial Account Info, Payment Card Info, Medical Info, Health Insurance Info, Dates Of Birth, , Personally Identifiable Information (Pii), Financial Information, Medical Information, , Names, Addresses, Date Of Birth, Social Security Number, Tax Identification Number, Driver'S License Number, State-Issued Id Card Number, Passport Number, Government-Issued Id Number, Financial Account Information, Payment Card Information, Medical Information, Health Insurance Information and .
Which entities were affected by each incident ?
Incident : Ransomware and Data Breach SEN410060825
Entity Name: Sensata Technologies Holding plc
Entity Type: Industrial Technology Company
Industry: Manufacturing
Location: Attleboro, Massachusetts
Size: 18,000 employees
Customers Affected: Unknown, but at least 362 in Maine
Incident : Ransomware and Data Breach SEN901060925
Entity Name: Sensata Technologies
Entity Type: Industrial Tech Firm
Industry: Automotive, Aerospace, Defense
Incident : Ransomware SEN641061725
Entity Name: Sensata Technologies, Inc.
Entity Type: Company
Industry: Industrial Technology
Customers Affected: 15630
Incident : Ransomware SEN641061725
Entity Name: Evoke Wellness
Entity Type: Company
Industry: Healthcare
Location: Hilliard, Ohio
Customers Affected: 240
Incident : Ransomware SEN641061725
Entity Name: Blue Shield of California
Entity Type: Company
Industry: Healthcare
Customers Affected: 1543
Incident : Ransomware SEN641061725
Entity Name: AffirmedRx PBC
Entity Type: Company
Industry: Pharmacy Benefits Management
Location: Louisville, Kentucky
Customers Affected: 1089
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware and Data Breach SEN410060825
Third Party Assistance: Experian for identity restoration
Remediation Measures: Interim measures to restore certain functions
Incident : Ransomware and Data Breach SEN901060925
Recovery Measures: Enrollment in one year of credit monitoring and identity theft protection service
Incident : Ransomware SEN641061725
Incident Response Plan Activated: Yes
Third Party Assistance: Yes
Law Enforcement Notified: Yes
Containment Measures: Implemented response protocols
Remediation Measures: Enhanced security measures
Communication Strategy: Individual notification letters, complimentary credit and identity monitoring
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian for identity restoration, , Yes.
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware and Data Breach SEN410060825
Type of Data Compromised: Names, Social security numbers, Tax id numbers, Government-issued id numbers, Financial account info, Payment card info, Medical info, Health insurance info, Dates of birth
Sensitivity of Data: High
Data Exfiltration: Yes
Data Encryption: Yes
Personally Identifiable Information: Yes
Incident : Ransomware and Data Breach SEN901060925
Type of Data Compromised: Personally identifiable information (pii), Financial information, Medical information
Sensitivity of Data: High
Incident : Ransomware SEN641061725
Type of Data Compromised: Names, Addresses, Date of birth, Social security number, Tax identification number, Driver's license number, State-issued id card number, Passport number, Government-issued id number, Financial account information, Payment card information, Medical information, Health insurance information
Number of Records Exposed: 15630
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Interim measures to restore certain functions, Enhanced security measures.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by implemented response protocols.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware and Data Breach SEN901060925
Data Exfiltration: True
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Enrollment in one year of credit monitoring and identity theft protection service, .
References
Where can I find more information about each incident ?
Incident : Ransomware and Data Breach SEN410060825
Source: Comparitech
Incident : Ransomware and Data Breach SEN901060925
Source: BleepingComputer
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Comparitech, and Source: BleepingComputer.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware and Data Breach SEN410060825
Investigation Status: Preliminary investigation completed
Incident : Ransomware and Data Breach SEN901060925
Investigation Status: Completed
Incident : Ransomware SEN641061725
Investigation Status: Ongoing
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Individual notification letters and complimentary credit and identity monitoring.
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian for identity restoration, , .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-03-28.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-05-23.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Tax ID numbers, Government-issued ID numbers, Financial account info, Payment card info, Medical info, Health insurance info, Dates of birth, , Full name, Address, Social Security Number (SSN), Driver's license number, State ID card number, Passport number, Financial account information, Payment card information, Medical information, Health insurance information, Date of birth, , PHI, PII and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was ShippingReceivingManufacturing productionVarious support functions and ShippingManufacturingOther business operations.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Experian for identity restoration, , .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Implemented response protocols.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Medical information, Payment card info, PHI, Driver's license number, Address, State ID card number, Financial account info, Date of birth, Social Security numbers, PII, Tax ID numbers, Medical info, Passport number, Social Security Number (SSN), Names, Government-issued ID numbers, Payment card information, Health insurance information, Dates of birth, Full name, Financial account information and Health insurance info.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 186.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Comparitech and BleepingComputer.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Preliminary investigation completed.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.
Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L104
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L94
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3420841%40ajax-search-for-woocommerce%2Ftrunk&old=3398612%40ajax-search-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=#file136
- https://wordpress.org/plugins/ajax-search-for-woocommerce
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8149103e-105d-401d-8a15-b07d131baaac?source=cve
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3421362%40ultimate-member%2Ftrunk&old=3408617%40ultimate-member%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sensata-technologies' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
