CVE-2025-52736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

EUVD-2025-35494

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

CVE-2025-52736

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

CVE-2025-52736

Summary: CVE-2025-52736 affects the WordPress Finale Lite plugin up to version 2.20.0 and is a reflected XSS caused by improper input handling during web page creation. Multiple connected sources confirm the vulnerable component and version range ( Finale Lite: ≤ 2.20.0) and classify the impact a...

WordPress plugin Finale Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

PT-2025-43228

Name of the Vulnerable Software and Affected Versions Daman Jeet Finale Lite versions through 2.20.0 Description The software contains a flaw related to improper input handling during web page creation, which can lead to Reflected Cross-site Scripting XSS. This allows an attacker to inject...

EUVD-2024-16894

Malicious code in bioql PyPI...

EUVD-2023-51313

Malicious code in bioql PyPI...

EUVD-2024-29929

Malicious code in bioql PyPI...

EUVD-2024-54147

Malicious code in bioql PyPI...

WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by LVT-tholv2k in WordPress Plugin Finale Lite versions = 2.20.0...

CVE-2024-32107

Cross-Site Request Forgery CSRF vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0...

CVE-2023-47180

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0...

CVE-2024-12589

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

Exploit for Missing Authorization in Xlplugins Finale

CVE-2024-30485 Exploit 📌 Overview CVE-2024-30485 is a...

CVE-2024-12589

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2024-12589 Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2024-12589

The CVE CVE-2024-12589 affects the Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin (