Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dfactory vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-49174
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a up to and including 2.4.5.
Dfactory Responsive Lightbox
4.3
CVSSv2
CVE-2017-2243
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an malicious user to inject arbitrary web script or HTML via unspecified vectors.
Dfactory Responsive Lightbox
NA
CVE-2023-0076
The Download Attachments WordPress plugin prior to 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Dfactory Download Attachments
3.5
CVSSv2
CVE-2021-24613
The Post Views Counter WordPress plugin prior to 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Dfactory Post Views Counter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started