Vendor CVEs

Webfactoryltd

All CVEs

24 total · sorted by risk
  • CVE-2025-23968 · Critical · Jul 3, 2025
    risk 0.59 · cvss 9.1 · epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in WebFactory AiBud WP aibuddy-openai-chatgpt allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through <= 1.9.

  • CVE-2023-50837 · High · Dec 29, 2023
    risk 0.49 · cvss 7.6 · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown – Protect Login Form. This issue affects Login Lockdown – Protect Login Form: from n/a through 2.06.

  • CVE-2025-24645 · High · Apr 17, 2025
    risk 0.46 · cvss 7.1 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob Scott Eazy Under Construction eazy-under-construction allows Reflected XSS. This issue affects Eazy Under Construction: from n/a through <= 1.0.

  • CVE-2024-5087 · Medium · Jun 8, 2024
    risk 0.41 · cvss 6.3 · epss 0.00

    The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validate_ajax, deactivate_ajax, and save_ajax functions in all versions up to, and including, 2.38. This makes it…

  • CVE-2023-6799 · Medium · Apr 9, 2024
    risk 0.38 · cvss 5.9 · epss 0.01

    The WP Reset – Most Advanced WordPress Reset Tool plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 via the use of insufficiently random snapshot names. This makes it possible for unauthenticated attackers to extract…

  • CVE-2023-49747 · Medium · Dec 15, 2023
    risk 0.38 · cvss 5.9 · epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebFactory Ltd Guest Author allows Stored XSS. This issue affects Guest Author: from n/a through 2.3.

  • CVE-2024-1340 · Medium · Feb 29, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with…

  • CVE-2024-12034 · Medium · Dec 24, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to…

  • CVE-2023-48745 · Medium · Jun 4, 2024
    risk 0.34 · cvss 5.3 · epss 0.00

    Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass. This issue affects Captcha Code: from n/a through 2.9.

  • CVE-2024-1501 · Medium · Feb 21, 2024
    risk 0.31 · cvss 4.7 · epss 0.00

    The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the…

  • CVE-2023-1913 · Medium · Apr 6, 2023
    risk 0.29 · cvss 4.4 · epss 0.00

    The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2023-0832 · Medium · Jun 9, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it…

  • CVE-2023-0831 · Medium · Jun 9, 2023
    risk 0.28 · cvss 4.3 · epss 0.00

    The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes…

  • CVE-2025-10645 · Medium · Oct 7, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license…

  • CVE-2025-2074 · Medium · Mar 28, 2025
    risk 0.27 · cvss 5.3 · epss 0.00

    The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…

  • CVE-2024-4661 · Medium · Jun 8, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The WP Reset plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_ajax function in all versions up to, and including, 2.02. This makes it possible for authenticated attackers, with subscriber-level access and…

  • CVE-2024-5770 · Medium · Jun 8, 2024
    risk 0.20 · cvss 4.2 · epss 0.00

    The WP Force SSL & HTTPS SSL Redirect plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_setting' function in versions up to, and including, 1.66. This makes it possible for authenticated attackers,…

  • CVE-2024-1075 · Low · Feb 5, 2024
    risk 0.17 · cvss 3.7 · epss 0.01

    The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for…

  • CVE-2020-7048 · Jan 16, 2020
    risk 0.04 · cvss n/a · epss 0.23

    The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a…

  • CVE-2025-1262 · Feb 25, 2025
    risk 0.00 · cvss n/a · epss 0.00

    The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.

  • CVE-2020-7047 · Jan 16, 2020
    risk 0.00 · cvss n/a · epss 0.02

    The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other…

  • CVE-2020-6168 · Jan 9, 2020
    risk 0.00 · cvss n/a · epss 0.02

    A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availability and confidentiality of a vulnerable site, along with the integrity of the…

  • CVE-2020-6166 · Jan 9, 2020
    risk 0.00 · cvss n/a · epss 0.01

    A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.

  • CVE-2020-6167 · Jan 9, 2020
    risk 0.00 · cvss n/a · epss 0.01

    A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote files as a logo.