Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

WPFactory — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting WPFactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPFactory operates as a software development firm specializing in WordPress plugins and themes, catering to web developers and site administrators seeking extended functionality. Historically, its products have been associated with forty-seven recorded Common Vulnerabilities and Exposures (CVEs), predominantly involving remote code execution, cross-site scripting, and privilege escalation flaws. These vulnerabilities often stem from insufficient input validation and improper capability checks within plugin code, allowing unauthenticated attackers to compromise affected sites. While specific major incidents are rarely publicized as distinct breaches, the high volume of CVEs indicates systemic security oversight in the development lifecycle. The company’s portfolio includes popular tools for SEO, security, and page building, yet the recurring nature of these exploits highlights persistent challenges in maintaining secure coding standards for widely deployed WordPress extensions.

Found 2 results / 47Clear Filters
Top products by WPFactory: Wishlist for WooCommerce Products, Order & Customers Export for WooCommerce EAN for WooCommerce Advanced WooCommerce Product Sales Reporting Additional Custom Product Tabs for WooCommerce Helpdesk Support Ticket System for WooCommerce Product XML Feed Manager for WooCommerce Free Shipping Bar: Amount Left for Free Shipping for WooCommerce Adverts Back Button Widget Cost of Goods for WooCommerce Sitewide Discount for WooCommerce: Apply Discount to All Products Maximum Products per User for WooCommerce Slugs Manager CRM ERP Business Solution Min Max Step Quantity Limits Manager for WooCommerce Coupons & Add to Cart by URL Links for WooCommerce Product Notes Tab & Private Admin Notes for WooCommerce Email Verification for WooCommerce Additional Custom Emails & Recipients for WooCommerce Change Add to Cart Button Text for WooCommerce Awesome Shortcodes Custom Checkout Fields for WooCommerce Product Excel Import Export & Bulk Edit for WooCommerce MSRP (RRP) Pricing for WooCommerce Custom CSS, JS & PHP WPFactory Helper EU/UK VAT Manager for WooCommerce Quantity Dynamic Pricing & Bulk Discounts for WooCommerce Scheduled & Automatic Order Status Controller for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-48252 WordPress Back Button Widget plugin <= 1.6.8 - Cross Site Scripting (XSS) Vulnerability — Back Button WidgetCWE-79 6.5 Medium2025-05-19
CVE-2023-51399 WordPress Back Button Widget Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS) — Back Button WidgetCWE-79 6.5 Medium2023-12-29

This page lists every published CVE security advisory associated with WPFactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.