5 matches found
CVE-2024-1120
CVE-2024-1120 affects NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce on WordPress. The flaw is a missing capability check in download_tools_settings() across all versions up to 2.17.0, allowing unauthenticated attackers to export ...
CVE-2024-30485
CVE-2024-30485 corresponds to a Missing Authorization vulnerability in the WordPress plugin Finale Lite. The record notes affected versions “through 2.18.0” and indicates a proof-of-concept/exploitation path exists that can allow an attacker to install and activate arbitrary plugins, as seen in c...
CVE-2024-32107
CVE-2024-32107 is a CSRF vulnerability in Finale Lite – Sales Countdown Timer & Discount for WooCommerce (Finale Lite) affecting versions up to 2.18.0. The issue has a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and user interaction required. Remediatio...
CVE-2023-47180
CVE-2023-47180 affects the WordPress plugin Finale Lite (XLPlugins Finale Lite) with Missing Authorization, allowing unauthenticated users to delete content due to incorrectly configured access control. Public sources in the Connected Documents confirm the vulnerable range as Finale Lite versions...
CVE-2024-12589
The CVE CVE-2024-12589 affects the Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin (