Vulnerabilities > Webfactoryltd > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-08 | CVE-2024-5087 | Missing Authorization vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. | 5.4 |
| 2024-06-08 | CVE-2024-5770 | Missing Authorization vulnerability in Webfactoryltd WP Force SSL The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. | 4.3 |
| 2024-02-05 | CVE-2024-1075 | Unspecified vulnerability in Webfactoryltd Minimal Coming Soon & Maintenance Mode The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. | 5.3 |
| 2023-12-15 | CVE-2023-49747 | Unspecified vulnerability in Webfactoryltd Guest Author Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3. | 5.4 |
| 2023-08-14 | CVE-2023-3601 | Unspecified vulnerability in Webfactoryltd Simple Author BOX The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. | 4.3 |
| 2023-06-09 | CVE-2023-0831 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-06-09 | CVE-2023-0832 | Unspecified vulnerability in Webfactoryltd Under Construction The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. | 4.3 |
| 2023-04-06 | CVE-2023-1913 | Unspecified vulnerability in Webfactoryltd Maps Widget for Google Maps The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. | 4.8 |
| 2022-05-30 | CVE-2022-1582 | Unspecified vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | 6.1 |
| 2022-05-30 | CVE-2022-1583 | Unspecified vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. | 6.5 |