Vulnerabilities > Dfactory

DATE CVE VULNERABILITY TITLE RISK
2024-10-23 CVE-2024-43924 Missing Authorization vulnerability in Dfactory Responsive Lightbox
Missing Authorization vulnerability in dFactory Responsive Lightbox allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Responsive Lightbox: from n/a through 2.4.7.
network
low complexity
dfactory CWE-862
critical
9.8
2024-08-22 CVE-2024-6870 Cross-site Scripting vulnerability in Dfactory Responsive Lightbox
The Responsive Lightbox & Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping affecting the rl_upload_image AJAX endpoint.
network
low complexity
dfactory CWE-79
5.4
2024-06-09 CVE-2024-31252 Unspecified vulnerability in Dfactory Responsive Lightbox & Gallery
Missing Authorization vulnerability in dFactory Responsive Lightbox.This issue affects Responsive Lightbox: from n/a through 2.4.6.
network
low complexity
dfactory
8.8
2023-12-15 CVE-2023-49174 Unspecified vulnerability in Dfactory Responsive Lightbox
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a through 2.4.5.
network
low complexity
dfactory
5.4
2023-03-06 CVE-2023-0076 Unspecified vulnerability in Dfactory Download Attachments
The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
network
low complexity
dfactory
5.4
2021-09-20 CVE-2021-24613 Unspecified vulnerability in Dfactory Post Views Counter
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
network
low complexity
dfactory
4.8
2017-07-07 CVE-2017-2243 Cross-site Scripting vulnerability in Dfactory Responsive Lightbox
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
dfactory CWE-79
6.1