Vulnerabilities > Webfactoryltd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-1075 | Unspecified vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. | 5.3 |
| 2023-12-29 | CVE-2023-50837 | SQL Injection vulnerability in Webfactoryltd WP Login Lockdown Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form.This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06. | 7.2 |
| 2023-12-15 | CVE-2023-49747 | Cross-site Scripting vulnerability in Webfactoryltd Guest Author Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3. | 5.4 |
| 2023-08-14 | CVE-2023-3601 | Unspecified vulnerability in Webfactoryltd Simple Author BOX The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. | 4.3 |
| 2023-06-09 | CVE-2023-0831 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-06-09 | CVE-2023-0832 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-04-06 | CVE-2023-1913 | Unspecified vulnerability in Webfactoryltd Maps Widget for Google Maps The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. | 4.8 |
| 2022-05-30 | CVE-2022-1582 | Cross-site Scripting vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | 4.3 |
| 2022-05-30 | CVE-2022-1583 | Use of Web Link to Untrusted Target with window.opener Access vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. | 4.3 |
| 2021-11-18 | CVE-2021-36908 | Cross-Site Request Forgery (CSRF) vulnerability in Webfactoryltd WP Reset PRO Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. | 8.8 |