Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dfactory vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-0076
The Download Attachments WordPress plugin prior to 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site S...
Dfactory Download Attachments
6.1
CVSSv3
CVE-2017-2243
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an malicious user to inject arbitrary web script or HTML via unspecified vectors.
Dfactory Responsive Lightbox
5.4
CVSSv3
CVE-2023-49174
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dFactory Responsive Lightbox & Gallery allows Stored XSS.This issue affects Responsive Lightbox & Gallery: from n/a up to and including 2.4.5.
Dfactory Responsive Lightbox
4.8
CVSSv3
CVE-2021-24613
The Post Views Counter WordPress plugin prior to 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
Dfactory Post Views Counter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started