Predict your next investment

INTERNET | Internet Software & Services / Business Intelligence, Analytics & Performance Mgmt
webfactory-i4.de

Founded Year

1994

Stage

Corporate Majority | Acquired

About WEBfactory

WEBfactory is a provider of web-based software solutions for the Industrial Internet of Things (IIoT). Its i4 product portfolio addresses IIoT-related customer challenges such as data collection, analysis and visualization.

WEBfactory Headquarters Location

Hollergasse 15

Buchen, 74722,

Germany

+49 (0) 6281/5233-0

Latest WEBfactory News

WordPress Plugin Bugs Let Hackers Wipe or Takeover Your Site

Jan 17, 2020

Critical bugs found in the WordPress Database Reset plugin, used by over 80,000 sites, allow attackers to drop all users and get automatically elevated to an administrator role, and to reset any table in the database.

The open-source WP Database Reset WordPress plugin maintained by WebFactory Ltd is designed to help reset databases to default settings with a few mouse clicks, wiping all the data stored in the database including posts, pages, users, and more. WP Database Reset makes it possible to choose between resetting a website's entire database or resetting only specific tables.

[Image: Using the WP Database Reset plugin (WebFactory Ltd)]

Unauthenticated database reset and privilege escalation

The two vulnerabilities, tracked as CVE-2020-7048 and CVE-2020-7047 and rated as Critical and High severity, were patched with the release of WP Database Reset 3.15, a week after the initial disclosure from WordFence, the WordPress security firm that discovered the flaw.

In the two days since the patched version was released, a little over 8,300 users have already updated their installations, with more than 71,000 still having to secure their websites from potential attacks.

"One of these flaws allowed any unauthenticated user to reset any table from the database to the initial WordPress set-up state, while the other flaw allowed any authenticated user, even those with minimal permissions, the ability to grant their account administrative privileges while dropping all other users from the table with a simple request," WordFence's Chloe Chamberland says.

Successful exploitation of the two flaws on unpatched WordPress sites could lead to full site takeover and/or database reset.

[Image: Vulnerable database reset function (WordFence)]

The CVE-2020-7048 authentication bypass flaw is caused by improper authentication stemming from missing capability checks or security nonce protection.

Poorly implemented privilege management is behind CVE-2020-7047, a bug that allows site users with subscriber or higher permissions to reset the wp_users table, dropping all other users with a simple request and automatically getting elevated to an admin role.

"A site owner allowing open registration on a site with a vulnerable version of the WP Database Reset plugin could lose control of their site," the Wordfence Threat Intelligence team report adds.

To defend against attacks abusing these flaws, the security outfit advises admins to update to WP Database Reset 3.15 immediately and to keep up-to-date site backups stored on a different server than the one hosting their WordPress installation.

WordFence also created a video demonstration of how an exploit targeting these vulnerabilities would work.

Expert Collections containing WEBfactory

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

WEBfactory is included in 2 Expert Collections, including Internet of Things (IoT).

Internet of Things (IoT)

3,149 items

Advanced Manufacturing

1,088 items
