Vulnerabilities > Webfactoryltd

DATE CVE VULNERABILITY TITLE RISK
2024-06-08 CVE-2024-5087 Missing Authorization vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38.
network
low complexity
webfactoryltd CWE-862
5.4
2024-06-08 CVE-2024-5770 Missing Authorization vulnerability in Webfactoryltd WP Force SSL
The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66.
network
low complexity
webfactoryltd CWE-862
4.3
2024-02-05 CVE-2024-1075 Unspecified vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode
The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37.
network
low complexity
webfactoryltd
5.3
2023-12-29 CVE-2023-50837 Unspecified vulnerability in Webfactoryltd WP Login Lockdown 2.06
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06.
network
low complexity
webfactoryltd
7.2
2023-12-15 CVE-2023-49747 Unspecified vulnerability in Webfactoryltd Guest Author
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.
network
low complexity
webfactoryltd
5.4
2023-08-14 CVE-2023-3601 Unspecified vulnerability in Webfactoryltd Simple Author BOX
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.
network
low complexity
webfactoryltd
4.3
2023-06-09 CVE-2023-0831 Unspecified vulnerability in Webfactoryltd Under Construction
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96.
network
low complexity
webfactoryltd
4.3
2023-06-09 CVE-2023-0832 Unspecified vulnerability in Webfactoryltd Under Construction
The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96.
network
low complexity
webfactoryltd
4.3
2023-04-06 CVE-2023-1913 Unspecified vulnerability in Webfactoryltd Maps Widget for Google Maps
The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping.
network
low complexity
webfactoryltd
4.8
2022-05-30 CVE-2022-1582 Unspecified vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
network
low complexity
webfactoryltd
6.1