Lucene search
K
XlpluginsFinale

5 matches found

CVE
CVE
added 2024/03/01 9:31 a.m.92 views

CVE-2024-1120

CVE-2024-1120 affects NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce on WordPress. The flaw is a missing capability check in download_tools_settings() across all versions up to 2.17.0, allowing unauthenticated attackers to export ...

5.3CVSS5.4AI score0.00537EPSS
CVE
CVE
added 2024/06/09 10:58 a.m.74 views

CVE-2024-30485

CVE-2024-30485 corresponds to a Missing Authorization vulnerability in the WordPress plugin Finale Lite. The record notes affected versions “through 2.18.0” and indicates a proof-of-concept/exploitation path exists that can allow an attacker to install and activate arbitrary plugins, as seen in c...

8.8CVSS8.8AI score0.01038EPSS
CVE
CVE
added 2024/04/11 12:59 p.m.60 views

CVE-2024-32107

CVE-2024-32107 is a CSRF vulnerability in Finale Lite – Sales Countdown Timer & Discount for WooCommerce (Finale Lite) affecting versions up to 2.18.0. The issue has a CVSS v3.1 base score of 4.3 (Medium) with network attack vector, low attack complexity, and user interaction required. Remediatio...

4.3CVSS5.1AI score0.00214EPSS
CVE
CVE
added 2025/01/02 12:0 p.m.58 views

CVE-2023-47180

CVE-2023-47180 affects the WordPress plugin Finale Lite (XLPlugins Finale Lite) with Missing Authorization, allowing unauthenticated users to delete content due to incorrectly configured access control. Public sources in the Connected Documents confirm the vulnerable range as Finale Lite versions...

6.5CVSS8.5AI score0.00391EPSS
CVE
CVE
added 2025/03/12 7:0 a.m.51 views

CVE-2024-12589

The CVE CVE-2024-12589 affects the Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin (

6.4CVSS5.8AI score0.00234EPSS