Vulnerabilities > Webfactoryltd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-25 | CVE-2025-1262 | Guessable CAPTCHA vulnerability in Webfactoryltd Advanced Google Recaptcha The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . | 5.3 |
| 2024-06-08 | CVE-2024-5087 | Missing Authorization vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. | 5.4 |
| 2024-06-08 | CVE-2024-5770 | Missing Authorization vulnerability in Webfactoryltd WP Force SSL The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. | 4.3 |
| 2024-04-09 | CVE-2023-6799 | Unspecified vulnerability in Webfactoryltd WP Reset The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. | 5.9 |
| 2024-02-05 | CVE-2024-1075 | Unspecified vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. | 5.3 |
| 2023-12-29 | CVE-2023-50837 | Unspecified vulnerability in Webfactoryltd WP Login Lockdown 2.06 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. | 7.2 |
| 2023-12-15 | CVE-2023-49747 | Unspecified vulnerability in Webfactoryltd Guest Author Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3. | 5.4 |
| 2023-08-14 | CVE-2023-3601 | Unspecified vulnerability in Webfactoryltd Simple Author BOX The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. | 4.3 |
| 2023-06-09 | CVE-2023-0831 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-06-09 | CVE-2023-0832 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |