Vulnerabilidades en XLPlugins
13 resultadosCVE-2024-25092HIGHWordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerabilityEPSS 1.4%CVE-2024-30485HIGHWordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerabilityEPSS 1.0%CVE-2024-32104MEDIUMWordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.7%CVE-2024-1120MEDIUMNextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information DisclosureEPSS 0.5%CVE-2023-47180MEDIUMWordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2023-39162HIGHWordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2026-24599MEDIUMWordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2025-68048HIGHWordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-52735HIGHWordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-10860MEDIUMNextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason SubmissionEPSS 0.2%CVE-2024-32107MEDIUMWordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-0703MEDIUMNextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' ShortcodeEPSS 0.2%CVE-2025-62969MEDIUMWordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%