Permalink Manager < 2.4.3.2 - Missing Authorization to Authenticated(Author+) arbitrary post slug modification

Description The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajaxsavepermalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author acces...

WordPress Permalink Manager Lite Plugin <= 2.4.3 is vulnerable to Cross Site Scripting (XSS)

Software Permalink Manager Lite Type Plugin Vulnerable versions = 2.4.3 Fixed in 2.4.3.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29092 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0910a781b8f6 Credits Rafie Muhammad Patchsta...

VulnCheck KEV: CVE-2024-27971

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10...

WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.10 is vulnerable to Local File Inclusion

Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-27971 Patch priority High CVSS severity High 8.3 Developer Premmerce PSID cbe4465b62ca Credits Rafie Muhammad...

The vulnerability of the Permalink Manager Lite and Permalink Manager Pro plugins of the WordPress content management system, related to the lack of protection for website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Permalink Manager Lite and Permalink Manager Pro plugins of the WordPress content management system is related to the lack of protection for the web page structure when processing query parameters. Exploiting this vulnerability allows a malicious actor to perform cross-si...

WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)

Software Premmerce Permalink Manager for WooCommerce Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Premmerce PSID 3d9ba08b3dfc Credits Rafie...

The vulnerability of the Permalink Manager Lite plugin for the WordPress content management system lies in its lack of protection against SQL query structures, allowing attackers to execute arbitrary SQL code.

The vulnerability of the Permalink Manager Lite plugin for the WordPress content management system is related to the lack of protection for the SQL query structure when processing the orderby parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVE-2022-4410

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

CVE-2022-4410

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

Cross site scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

CVE-2022-4410 Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

CVE-2022-4410 Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if...

CVE-2022-4410

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) through improper output escaping on post/page/media titles, affecting versions up to and including 2.2.20.3. An attacker can inject arbitrary scripts on the permalink-manager page if another plugin ...

WordPress plugin Permalink Manager Lite 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-27110 · WordPress · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including 2.2.20.3 Description: The issue arises from improper output escaping on post/page/media titles, allowing Stored Cross-Site Scripting attacks. This enables attackers to...

WordPress Permalink Manager Lite has an unspecified vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...

CVE-2022-41781

Broken Access Control vulnerability in Permalink Manager Lite plugin = 2.2.20 on WordPress...

CVE-2022-41781

Broken Access Control vulnerability in Permalink Manager Lite plugin = 2.2.20 on WordPress...

Improper access control

Broken Access Control vulnerability in Permalink Manager Lite plugin = 2.2.20 on WordPress...

CVE-2022-41781

The CVE-2022-41781 entry concerns the WordPress Permalink Manager Lite plugin, version