
dfactory — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting dfactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

dFactory is a software development platform focused on application lifecycle management and DevOps automation. Historically, it has been associated with multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. The platform's complex architecture and extensive plugin ecosystem have contributed to security challenges, with 14 CVEs documented to date. Notable incidents include authentication bypass vulnerabilities in API endpoints and insecure default configurations that exposed sensitive data. These issues often stem from insufficient input validation and improper access controls, highlighting ongoing security concerns in enterprise environments relying on dFactory for continuous integration and deployment processes.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-39616 | WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability | Download Attachments | CWE-639 | 5.3 | Medium | 2026-04-08 |
| CVE-2026-2479 | Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload | Responsive Lightbox & Gallery | CWE-918 | 5.0 | Medium | 2026-02-25 |
| CVE-2025-12359 | Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery | Responsive Lightbox & Gallery | CWE-918 | 5.4 | Medium | 2025-11-19 |
| CVE-2025-62941 | WordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability | Events Maker by dFactory | CWE-79 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-49995 | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability | Download Attachments | CWE-639 | 5.3 | Medium | 2025-06-20 |
| CVE-2024-43924 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.7 - Broken Access Control vulnerability | Responsive Lightbox | CWE-862 | 5.3 | Medium | 2024-10-23 |
| CVE-2024-49282 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.8 - Cross Site Scripting (XSS) vulnerability | Responsive Lightbox | CWE-79 | 5.9 | Medium | 2024-10-17 |
| CVE-2024-6870 | Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload | Responsive Lightbox & Gallery | CWE-79 | 6.4 | Medium | 2024-08-22 |
| CVE-2024-31252 | WordPress Responsive Lightbox & Gallery plugin <= 2.4.6 - Broken Access Control vulnerability | Responsive Lightbox | CWE-862 | 4.3 | Medium | 2024-06-09 |
| CVE-2024-3230 | Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting | Download Attachments | CWE-79 | 6.4 | Medium | 2024-06-04 |
| CVE-2024-31264 | WordPress Post Views Counter plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) vulnerability | Post Views Counter | CWE-352 | 4.3 | Medium | 2024-04-12 |
| CVE-2024-1994 | Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification | Image Watermark | CWE-862 | 4.3 | Medium | 2024-04-06 |
| CVE-2023-49174 | WordPress Responsive Lightbox Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) | Responsive Lightbox & Gallery | CWE-79 | 5.9 | Medium | 2023-12-15 |
| CVE-2017-2243 | WordPress Responsive Lightbox Cross-Site Scripting Vulnerability | Responsive Lightbox | | 6.1 | - | 2017-07-07 |

This page lists every published CVE security advisory associated with dfactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.