Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Webfactoryltd Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49747 1 Webfactoryltd 1 Guest Author 2023-12-21 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS.This issue affects Guest Author: from n/a through 2.3.
CVE-2023-3601 1 Webfactoryltd 1 Simple Author Box 2023-08-21 N/A 4.3 MEDIUM
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor.
CVE-2022-1583 1 Webfactoryltd 1 External Links In New Window \/ New Tab 2022-06-09 4.3 MEDIUM 6.5 MEDIUM
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.
CVE-2022-1582 1 Webfactoryltd 1 External Links In New Window \/ New Tab 2022-06-08 4.3 MEDIUM 6.1 MEDIUM
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
CVE-2021-24533 1 Webfactoryltd 1 Maintenance 2021-08-26 3.5 LOW 4.8 MEDIUM
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend
CVE-2020-6166 1 Webfactoryltd 1 Minimal Coming Soon \& Maintenance Mode 2020-01-10 5.5 MEDIUM 5.4 MEDIUM
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.