4 matches found
CVE-2024-10860
CVE-2024-10860 affects the WordPress plugin “NextMove Lite – Thank You Page for WooCommerce.” The vulnerability is a missing capability check in the _submit_uninstall_reason_action() function, present in all versions up to 2.19.0. This allows authenticated attackers with Subscriber-level access a...
CVE-2024-1120
CVE-2024-1120 affects NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce on WordPress. The flaw is a missing capability check in download_tools_settings() across all versions up to 2.17.0, allowing unauthenticated attackers to export ...
CVE-2024-25092
CVE-2024-25092 is a Missing Authorization vulnerability in WordPress NextMove Lite (XLPlugins NextMove Lite) affecting all versions through 2.17.0. An authenticated user with subscriber-level privileges or higher can install and activate arbitrary plugins due to a missing capability check (xl_add...
CVE-2024-32104
CVE-2024-32104 is a CSRF vulnerability affecting XLPlugins NextMove Lite (NextMove Lite: n/a through 2.18.1). The embedded CVSS details show the attack vector as Network, no confidentiality impact, low integrity impact, and no availability impact, with user interaction required and no privileges ...