Vulnerabilidades en dFactory
16 resultadosCVE-2017-2243—Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML vEPSS 1.5%CVE-2024-43924MEDIUMWordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-5020MEDIUMMultiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript LibraryEPSS 0.4%CVE-2023-49174MEDIUMWordPress Responsive Lightbox Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2024-31252MEDIUMWordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2024-1994MEDIUMImage Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark ModificationEPSS 0.3%CVE-2024-3230MEDIUMDownload Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.3%CVE-2024-6870MEDIUMResponsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File UploadEPSS 0.3%CVE-2024-5667MEDIUMMultiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript LibraryEPSS 0.3%CVE-2025-49995MEDIUMWordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2024-49282MEDIUMWordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-2479MEDIUMResponsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image UploadEPSS 0.2%CVE-2026-39616MEDIUMWordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.2%CVE-2025-12359MEDIUMResponsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request ForgeryEPSS 0.2%CVE-2024-31264MEDIUMWordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2025-62941MEDIUMWordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%