Lucene search
K
Permalink Manager Lite ProjectPermalink Manager Lite

11 matches found

CVE
CVE
added 2022/02/14 9:21 a.m.128 views

CVE-2022-0201

The CVE pertains to WordPress Permalink Manager Lite and Pro plugins prior to version 2.2.15, with a Reflected Cross-Site Scripting (XSS) vulnerability caused by not sanitising/escaping query parameters before echoing them on the debug page. Affected components: Permalink Manager Lite/Pro plugins...

6.1CVSS6AI score0.03368EPSS
Web
CVE
CVE
added 2024/04/09 6:58 p.m.74 views

CVE-2024-2738

CVE-2024-2738 affects Permalink Manager Lite and Permalink Manager Pro for WordPress. The vulnerability is a Reflected Cross-Site Scripting flaw via the URL parameter ‘s’ in multiple locations present up to version 2.4.3.1, caused by insufficient input sanitization and output escaping. Attackers ...

6.1CVSS6.5AI score0.00604EPSS
CVE
CVE
added 2022/11/18 7:0 p.m.72 views

CVE-2022-41781

The CVE-2022-41781 entry concerns the WordPress Permalink Manager Lite plugin, version

9.8CVSS8AI score0.00649EPSS
CVE
CVE
added 2024/04/09 6:58 p.m.61 views

CVE-2024-2543

The CVE-2024-2543 entry concerns the Permalink Manager Lite WordPress plugin. A missing capability check in get_uri_editor affects all versions up to 2.4.3.1, enabling unauthenticated attackers to view permalinks for all posts. Remediation: upgrade to 2.4.3.2 or later (patched in that version).

4.3CVSS9.1AI score0.00623EPSS
CVE
CVE
added 2024/03/19 4:41 p.m.60 views

CVE-2024-29092

CVE-2024-29092 is a reflected XSS in Permalink Manager Lite for WordPress. The root cause is improper input neutralization during web page generation. Affected: Permalink Manager Lite versions from n/a up to and including 2.4.3. Remediation: update to the patched version (2.4.3 or later).

7.1CVSS8.6AI score0.00398EPSS
CVE
CVE
added 2024/08/28 1:54 p.m.60 views

CVE-2024-8195

CVE-2024-8195 affects the Permalink Manager Lite WordPress plugin. Root cause: missing capability checks on debug_data, debug_query, and debug_redirect in all versions up to 2.4.4. Impact: unauthenticated attackers could access sensitive data, including passwords, titles, and content of password-...

5.3CVSS5.5AI score0.00532EPSS
CVE
CVE
added 2024/03/20 5:32 a.m.58 views

CVE-2024-2538

CVE-2024-2538 impacts Permalink Manager Lite for WordPress. The issue stems from a missing capability check in the ajax_save_permalink path, allowing authenticated users with author access or higher to modify permalinks of arbitrary posts. Affected versions are all up to and including 2.4.3.1. Pu...

5.4CVSS6.1AI score0.00568EPSS
CVE
CVE
added 2021/10/25 1:20 p.m.57 views

CVE-2021-24769

The CVE-2021-24769 affects the WordPress plugin Permalink Manager Lite (before 2.2.13.1). The vulnerability arises from not validating/escaping the orderby parameter before embedding it in a SQL statement on the Permalink Manager page, enabling SQL injection. Public sources (PatchStack, CVE recor...

7.2CVSS7.2AI score0.01336EPSS
Web
CVE
CVE
added 2022/12/14 9:20 p.m.57 views

CVE-2022-4410

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) through improper output escaping on post/page/media titles, affecting versions up to and including 2.2.20.3. An attacker can inject arbitrary scripts on the permalink-manager page if another plugin ...

6.4CVSS5AI score0.00555EPSS
CVE
CVE
added 2022/11/16 1:16 p.m.54 views

CVE-2022-4021

The CVE-2022-4021 entry concerns the WordPress Permalink Manager Lite plugin (vulnerable up to and including 2.2.20.1) with a CSRF flaw in the extra_actions function due to missing/incorrect nonce validation. This allows unauthenticated attackers to alter plugin settings, including permalinks and...

8.8CVSS4.2AI score0.00421EPSS
CVE
CVE
added 2024/07/22 9:6 a.m.54 views

CVE-2024-37257

CVE-2024-37257 describes a Reflected XSS in Permalink Manager Lite (WordPress plugin) affecting versions up to 2.4.3.3. The vulnerability is due to improper neutralization of input during web page generation. Connected sources note the vulnerability is patched, but the exact fixed version is not ...

7.1CVSS7AI score0.00308EPSS