Vulnerabilities > Webfactoryltd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-08 | CVE-2024-4661 | Missing Authorization vulnerability in Webfactoryltd WP Reset The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. | 4.3 |
| 2024-06-08 | CVE-2024-5087 | Missing Authorization vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. | 5.4 |
| 2024-06-08 | CVE-2024-5770 | Missing Authorization vulnerability in Webfactoryltd WP Force SSL The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. | 4.3 |
| 2024-02-05 | CVE-2024-1075 | Unspecified vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. | 5.3 |
| 2023-12-29 | CVE-2023-50837 | SQL Injection vulnerability in Webfactoryltd WP Login Lockdown 2.06 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. | 7.2 |
| 2023-12-15 | CVE-2023-49747 | Cross-site Scripting vulnerability in Webfactoryltd Guest Author Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3. | 5.4 |
| 2023-08-14 | CVE-2023-3601 | Unspecified vulnerability in Webfactoryltd Simple Author BOX The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. | 4.3 |
| 2023-06-09 | CVE-2023-0831 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-06-09 | CVE-2023-0832 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-04-06 | CVE-2023-1913 | Unspecified vulnerability in Webfactoryltd Maps Widget for Google Maps The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. | 4.8 |