CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

NVD•added 2026/05/02 2:16 p.m.•1 views

CVE-2026-0703

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xlwctycurrentdate' shortcode in all versions up to, and including, 2.23.0 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4CVSS0.00039EPSS

Exploits0References4

Vulnrichment•added 2026/05/02 1:26 p.m.•1 views

CVE-2026-0703 NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode

6.4CVSS6AI score0.00039EPSS

Exploits0References4

EUVD•added 2026/05/02 1:26 p.m.•2 views

EUVD-2026-26788

6.4CVSS6AI score0.00039EPSS

Exploits0References4

Cvelist•added 2026/05/02 1:26 p.m.•27 views

CVE-2026-0703 NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode

6.4CVSS0.00039EPSS

Exploits0References4

CVE•added 2026/05/02 1:26 p.m.•4 views

CVE-2026-0703

Affected software: NextMove Lite – Thank You Page for WooCommerce plugin for WordPress. Vulnerability: Stored Cross-Site Scripting via the plugin’s** 'xlwcty_current_date' shortcode. Root cause: insufficient input sanitization and output escaping on user-supplied attributes. Versions impacted: al...

6.4CVSS6AI score0.00039EPSS

Exploits0References4

CNNVD•added 2026/05/02 12:0 a.m.•3 views

WordPress plugin NextMove Lite – Thank You Page for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.7AI score0.00039EPSS

Exploits0References1

Patchstack•added 2026/05/01 12:0 a.m.•2 views

WordPress NextMove Lite – Thank You Page for WooCommerce plugin <= 2.23.0 - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Thank You Page for WooCommerce plugin = 2.23.0 - Thank You Page for WooCommerce = 2.23.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextMove Lite versions = 2.23.0...

6.4CVSS5.8AI score0.00039EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/02/21 7:30 p.m.•1 views

CVE-2025-68048

Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...

7.5CVSS5.5AI score0.00047EPSS

Exploits0References1

NVD•added 2026/02/20 4:22 p.m.•2 views

CVE-2025-68048

7.5CVSS0.00047EPSS

Exploits0References1

Cvelist•added 2026/02/20 3:46 p.m.•18 views

CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

7.5CVSS0.00047EPSS

Exploits0References1

CVE•added 2026/02/20 3:46 p.m.•6 views

CVE-2025-68048

CVE-2025-68048 involves the WordPress plugin NextMove Lite (XLPlugins)

7.5CVSS5.5AI score0.00047EPSS

Exploits0References1

Vulnrichment•added 2026/02/20 3:46 p.m.•2 views

CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

5.3AI score0.00047EPSS

Exploits0References1

CNNVD•added 2026/02/20 12:0 a.m.•4 views

WordPress plugin NextMove Lite 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00047EPSS

Exploits0References1

Positive Technologies•added 2026/02/20 12:0 a.m.•3 views

PT-2026-21082

Name of the Vulnerable Software and Affected Versions XLPlugins NextMove Lite versions through 2.23.0 Description An issue exists in XLPlugins NextMove Lite related to incorrectly configured access control security levels, allowing for missing authorization. This allows exploitation of the system...

5.3AI score0.00047EPSS

Exploits0References3

Patchstack•added 2026/01/27 6:41 a.m.•3 views

WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by NumeX in WordPress Plugin NextMove Lite versions = 2.23.0...

5.9AI score0.00047EPSS

Exploits0Affected Software1

RedhatCVE•added 2026/01/24 3:18 p.m.•5 views

CVE-2026-24599

Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through = 2.23.0...

5.3CVSS5.4AI score0.00015EPSS

Exploits0References1

NVD•added 2026/01/23 3:16 p.m.•3 views

CVE-2026-24599

5.3CVSS0.00015EPSS

Exploits0References1

ATTACKERKB•added 2026/01/23 2:29 p.m.•2 views

CVE-2026-24599

5.3CVSS5.9AI score0.00015EPSS

Exploits0References2

CVE•added 2026/01/23 2:29 p.m.•11 views

CVE-2026-24599

CVE-2026-24599 affects WordPress plugin XLPlugins NextMove Lite (WooCommerce) and is described as an Authorization Bypass Through User-Controlled Key via an insecure Direct Object Reference (IDOR) in the NextMove Lite woo-thank-you-page-nextmove-lite component. Public sources (NVD, Red Hat, CVE L...

5.3CVSS5.4AI score0.00015EPSS

Exploits0References1

Cvelist•added 2026/01/23 2:29 p.m.•27 views

CVE-2026-24599 WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability

5.3CVSS0.00015EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by