11 matches found
CVE-2022-0201
The CVE pertains to WordPress Permalink Manager Lite and Pro plugins prior to version 2.2.15, with a Reflected Cross-Site Scripting (XSS) vulnerability caused by not sanitising/escaping query parameters before echoing them on the debug page. Affected components: Permalink Manager Lite/Pro plugins...
CVE-2024-2738
CVE-2024-2738 affects Permalink Manager Lite and Permalink Manager Pro for WordPress. The vulnerability is a Reflected Cross-Site Scripting flaw via the URL parameter ‘s’ in multiple locations present up to version 2.4.3.1, caused by insufficient input sanitization and output escaping. Attackers ...
CVE-2022-41781
The CVE-2022-41781 entry concerns the WordPress Permalink Manager Lite plugin, version
CVE-2024-2543
The CVE-2024-2543 entry concerns the Permalink Manager Lite WordPress plugin. A missing capability check in get_uri_editor affects all versions up to 2.4.3.1, enabling unauthenticated attackers to view permalinks for all posts. Remediation: upgrade to 2.4.3.2 or later (patched in that version).
CVE-2024-29092
CVE-2024-29092 is a reflected XSS in Permalink Manager Lite for WordPress. The root cause is improper input neutralization during web page generation. Affected: Permalink Manager Lite versions from n/a up to and including 2.4.3. Remediation: update to the patched version (2.4.3 or later).
CVE-2024-8195
CVE-2024-8195 affects the Permalink Manager Lite WordPress plugin. Root cause: missing capability checks on debug_data, debug_query, and debug_redirect in all versions up to 2.4.4. Impact: unauthenticated attackers could access sensitive data, including passwords, titles, and content of password-...
CVE-2024-2538
CVE-2024-2538 impacts Permalink Manager Lite for WordPress. The issue stems from a missing capability check in the ajax_save_permalink path, allowing authenticated users with author access or higher to modify permalinks of arbitrary posts. Affected versions are all up to and including 2.4.3.1. Pu...
CVE-2021-24769
The CVE-2021-24769 affects the WordPress plugin Permalink Manager Lite (before 2.2.13.1). The vulnerability arises from not validating/escaping the orderby parameter before embedding it in a SQL statement on the Permalink Manager page, enabling SQL injection. Public sources (PatchStack, CVE recor...
CVE-2022-4410
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) through improper output escaping on post/page/media titles, affecting versions up to and including 2.2.20.3. An attacker can inject arbitrary scripts on the permalink-manager page if another plugin ...
CVE-2022-4021
The CVE-2022-4021 entry concerns the WordPress Permalink Manager Lite plugin (vulnerable up to and including 2.2.20.1) with a CSRF flaw in the extra_actions function due to missing/incorrect nonce validation. This allows unauthenticated attackers to alter plugin settings, including permalinks and...
CVE-2024-37257
CVE-2024-37257 describes a Reflected XSS in Permalink Manager Lite (WordPress plugin) affecting versions up to 2.4.3.3. The vulnerability is due to improper neutralization of input during web page generation. Connected sources note the vulnerability is patched, but the exact fixed version is not ...