3 matches found
CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Daman Jeet Finale Lite finale-woocommerce-sales-countdown-timer-discount allows Reflected XSS.This issue affects Finale Lite: from n/a through = 2.20.0...
CVE-2023-47180 WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability
Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0...
WordPress Finale Lite Plugin <= 2.18.0 is vulnerable to Remote Code Execution (RCE)
Software Finale Lite Type Plugin Vulnerable versions = 2.18.0 Fixed in 2.18.1 OWASP Top 10 A1: Broken Access Control Classification Remote Code Execution RCE CVE CVE-2024-30485 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 351260d95e05 Credits Yudistira Arya Required...