Vulnerabilities > Dfactory
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-15 | CVE-2023-49174 | Cross-site Scripting vulnerability in Dfactory Responsive Lightbox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5. | 5.4 |
| 2023-03-06 | CVE-2023-0076 | Unspecified vulnerability in Dfactory Download Attachments The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2021-09-20 | CVE-2021-24613 | Cross-site Scripting vulnerability in Dfactory Post Views Counter The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed | 3.5 |
| 2017-07-07 | CVE-2017-2243 | Cross-site Scripting vulnerability in Dfactory Responsive Lightbox Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |