83 matches found
Exploit for Missing Authorization in Xlplugins Nextmove
CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...
NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the 'xladdoninstallation' function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins...
WordPress NextMove Lite Plugin <= 2.17.0 is vulnerable to Remote Code Execution (RCE)
Software NextMove Lite Type Plugin Vulnerable versions = 2.17.0 Fixed in 2.18.0 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-25092 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 2181c91c736b Credits Yudistira Arya Required...