CVE-2024-10860

CVE-2024-10860 affects the WordPress plugin “NextMove Lite – Thank You Page for WooCommerce.” The vulnerability is a missing capability check in the _submit_uninstall_reason_action() function, present in all versions up to 2.19.0. This allows authenticated attackers with Subscriber-level access a...

CVE-2024-1120

CVE-2024-1120 affects NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce on WordPress. The flaw is a missing capability check in download_tools_settings() across all versions up to 2.17.0, allowing unauthenticated attackers to export ...

CVE-2024-25092

CVE-2024-25092 is a Missing Authorization vulnerability in WordPress NextMove Lite (XLPlugins NextMove Lite) affecting all versions through 2.17.0. An authenticated user with subscriber-level privileges or higher can install and activate arbitrary plugins due to a missing capability check (xl_add...

CVE-2024-32104

CVE-2024-32104 is a CSRF vulnerability affecting XLPlugins NextMove Lite (NextMove Lite: n/a through 2.18.1). The embedded CVSS details show the attack vector as Network, no confidentiality impact, low integrity impact, and no availability impact, with user interaction required and no privileges ...

CVE-2025-52735

The CVE describes a Reflected XSS in XLPlugins NextMove Lite, specifically the woo-thank-you-page-nextmove-lite component, caused by improper input neutralization during web page generation. Affected software is WordPress NextMove Lite plugin versions up to and including 2.24.0 (variously referen...

CVE-2025-62969

CVE-2025-62969 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin NextMove Lite (XLPlugins) used with WooCommerce. Multiple sources (NVD, Red Hat, CIRCL, CVE List, EUVD) describe this as an XSS issue that affects NextMove Lite versions from a non-specified baseline up to...