CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...

CVE-2025-52736

Summary: CVE-2025-52736 affects the WordPress Finale Lite plugin up to version 2.20.0 and is a reflected XSS caused by improper input handling during web page creation. Multiple connected sources confirm the vulnerable component and version range ( Finale Lite: ≤ 2.20.0) and classify the impact a...

WordPress plugin Finale Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by LVT-tholv2k in WordPress Plugin Finale Lite versions = 2.20.0...

CVE-2024-12589

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2024-12589

The CVE CVE-2024-12589 affects the Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin (

CVE-2024-12589 Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

CVE-2024-12589 Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible fo...

WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)

Software Finale Lite Type Plugin Vulnerable versions = 2.18.0 Fixed in 2.18.1 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-30485 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 351260d95e05 Credits Yudistira Arya Required...

Finale WooCommerce Sale Countdown <= 2.9.0 - Arbitrary File Upload

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...