105 matches found
PT-2024-27421 · Unknown · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite versions 2.4.3.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...
WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Permalink Manager Lite versions = 2.4.3.3...
WordPress Permalink Manager Lite Plugin <= 2.4.3.3 is vulnerable to Cross Site Scripting (XSS)
Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.3 Fixed in 2.4.3.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37257 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e3ec5eb6c45f Credits Rafie Muhammad...
CVE-2024-2738
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2024-2738
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
CVE-2024-2543
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-2543
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...
CVE-2024-2738 Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting
The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...
WordPress Plugin Permalink Manager Lite and Permalink Manager Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-21867 · WordPress · Permalink Manager Lite +1
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite and Pro plugins for WordPress versions up to, and including, 2.4.3.1 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter in multiple instances due to insufficient input sanitization a...
WordPress Permalink Manager Lite Plugin <= 2.4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3.1 Fixed in 2.4.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2738 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8f6892729531 Credits Muhamma...
CVE-2024-2538
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
CVE-2024-2538
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
CVE-2024-2538
CVE-2024-2538 impacts Permalink Manager Lite for WordPress. The issue stems from a missing capability check in the ajax_save_permalink path, allowing authenticated users with author access or higher to modify permalinks of arbitrary posts. Affected versions are all up to and including 2.4.3.1. Pu...
CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above,...
WordPress Plugin Permalink Manager Lite Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Permalink Manager Lite < 2.4.3.1 - Reflected Cross-Site Scripting
Description The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-29092
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3...