Lucene search

Permalink Manager Lite Security Vulnerabilities

cve

CVE-2021-24769

The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection

7.2CVSS

7.2AI Score

0.001EPSS

2021-10-25 02:15 PM

cve

CVE-2022-0201

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue

6.1CVSS

6AI Score

0.001EPSS

2022-02-14 12:15 PM

cve

CVE-2022-4021

The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings ...

8.8CVSS

4.2AI Score

0.001EPSS

2022-11-16 02:15 PM

cve

CVE-2022-41781

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

9.8CVSS

9.4AI Score

0.002EPSS

2022-11-18 07:15 PM

cve

CVE-2022-4410

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if ano...

6.4CVSS

5AI Score

0.0005EPSS

2022-12-14 10:15 PM