Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:F7993326-65EA-429A-97EC-89B1F3B85A22
HistoryFeb 12, 2024 - 12:00 a.m.

NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation

2024-02-1200:00:00
wpscan.com
3
nextmove lite
vulnerability
capability check
unauthorized modification
data
authenticated attackers
subscriber access
arbitrary plugins

6.3 Medium

AI Score

Confidence

High

JSON

Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the β€˜xl_addon_installation’ function, allowing authenticated attackers, with subscriber access and above, to install and activate arbitrary plugins.

CPENameOperatorVersion
eq2.18.0

Related

githubexploit 1
wordfence 1
githubexploit
githubexploit
Exploit for CVE-2024-25092
2024-02-14 11:30:59
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
2024-02-15 16:21:23

6.3 Medium

AI Score

Confidence

High

JSON
Related for WPVDB-ID:F7993326-65EA-429A-97EC-89B1F3B85A22
githubexploit1wordfence1