webfactory — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting webfactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Webfactory operates as a provider of web-based enterprise solutions, primarily focusing on content management and digital asset management systems for large organizations. Security audits have identified twenty-one Common Vulnerabilities and Exposures (CVEs) associated with its software ecosystem, indicating a persistent history of security deficiencies. The most prevalent vulnerability classes include Cross-Site Scripting (XSS), which allows attackers to inject malicious scripts into webpages viewed by other users, and Remote Code Execution (RCE), enabling unauthorized control over the underlying server infrastructure. Additionally, instances of broken access control and privilege escalation have been documented, suggesting flaws in authentication and authorization mechanisms. These issues collectively highlight significant risks regarding data integrity and system confidentiality. While specific major public breaches linked directly to these CVEs are not widely reported in mainstream media, the high volume of recorded vulnerabilities necessitates rigorous patch management and continuous security monitoring for any organization deploying Webfactory’s platforms.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-11707 | Login Lockdown & Protection <= 2.14 - IP Block Bypass | Login Lockdown & Protection | CWE-330 | 5.3 | Medium | 2025-12-13 |
| CVE-2025-10645 | WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log | WP Reset | CWE-532 | 5.3 | Medium | 2025-10-07 |
| CVE-2025-23968 | WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability | AiBud WP | CWE-434 | 9.1 | Critical | 2025-07-03 |
| CVE-2025-3766 | Login Lockdown & Protection <= 2.11 - Missing Authorization to Authenticated (Subscriber+) Arbitrary IP Whitelisting | Login Lockdown & Protection | CWE-862 | 5.4 | Medium | 2025-05-07 |
| CVE-2025-2074 | Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter | Advanced Google reCAPTCHA | CWE-89 | 5.3 | Medium | 2025-03-28 |
| CVE-2025-1262 | Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass | Advanced Google reCAPTCHA | CWE-804 | 5.3 | Medium | 2025-02-25 |
| CVE-2024-13623 | Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | Order Export for WooCommerce | CWE-200 | 5.9 | Medium | 2025-01-31 |
| CVE-2024-12034 | Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock | Advanced Google reCAPTCHA | CWE-340 | 5.3 | Medium | 2024-12-24 |
| CVE-2024-43259 | WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability | Order Export for WooCommerce | CWE-201 | 5.3 | Medium | 2024-08-26 |
| CVE-2024-5087 | Minimal Coming Soon – Coming Soon Page <= 2.38 - Missing Authorization to Limited Settings Change | Minimal Coming Soon – Coming Soon Page | CWE-862 | 6.3 | Medium | 2024-06-08 |
| CVE-2024-4661 | WP Reset <= 2.02 - Missing Authorization to License Key Modification | WP Reset | CWE-862 | 4.3 | Medium | 2024-06-08 |
| CVE-2024-5770 | WP Force SSL & HTTPS SSL Redirect <= 1.66 - Missing Authorization to Settings Update | WP Force SSL & HTTPS SSL Redirect | CWE-862 | 4.2 | Medium | 2024-06-08 |
| CVE-2024-0867 | Email Log <= 2.4.8 - Unauthenticated Hook Injection | Email Log | CWE-94 | 8.1 | High | 2024-05-24 |
| CVE-2023-6799 | WP Reset <= 2.0 - Sensitive Information Exposure due to Insufficient Randomness | WP Reset | CWE-330 | 5.9 | Medium | 2024-04-09 |
| CVE-2024-1501 | Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation | Database Reset | CWE-352 | 4.7 | Medium | 2024-02-21 |
| CVE-2024-1340 | Login Lockdown – Protect Login Form <= 2.08 - Missing Authorization | Login Lockdown & Protection | CWE-862 | 5.4 | Medium | 2024-02-20 |
| CVE-2024-1075 | Minimal Coming Soon – Coming Soon Page <= 2.37 - Unauthenticated Maintenance Mode Bypass | Minimal Coming Soon – Coming Soon Page | CWE-639 | 3.7 | Low | 2024-02-05 |
| CVE-2023-5062 | WordPress Charts <= 0.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | WordPress Charts | CWE-79 | 6.4 | Medium | 2023-09-20 |
| CVE-2023-0832 | Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot | Under Construction | CWE-352 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-0831 | Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice | Under Construction | CWE-352 | 4.3 | Medium | 2023-06-09 |
| CVE-2023-1913 | Maps Widget for Google Maps <= 4.24 - Authenticated (Administrator+) Stored Cross-Site Scripting | Maps Widget for Google Maps | CWE-79 | 4.4 | Medium | 2023-04-06 |

This page lists every published CVE security advisory associated with webfactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.