Permalink Manager Lite Project

Permalink Manager Lite

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-8195

  • EPSS 0.64%
  • Veröffentlicht 28.08.2024 14:15:08
  • Zuletzt bearbeitet 13.09.2024 19:28:04

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes ...

6.1

CVE-2024-37257

  • EPSS 0.21%
  • Veröffentlicht 22.07.2024 09:15:05
  • Zuletzt bearbeitet 21.11.2024 09:23:28

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.

6.1

CVE-2024-2738

  • EPSS 1.5%
  • Veröffentlicht 09.04.2024 19:15:36
  • Zuletzt bearbeitet 13.02.2025 17:01:33

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output esca...

4.3

CVE-2024-2543

Exploit
  • EPSS 0.5%
  • Veröffentlicht 09.04.2024 19:15:35
  • Zuletzt bearbeitet 05.02.2025 17:11:54

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated ...

4.3

CVE-2024-2538

Exploit
  • EPSS 0.05%
  • Veröffentlicht 20.03.2024 06:15:12
  • Zuletzt bearbeitet 05.02.2025 18:15:22

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authe...

6.1

CVE-2024-29092

  • EPSS 0.12%
  • Veröffentlicht 19.03.2024 17:15:11
  • Zuletzt bearbeitet 05.02.2025 15:38:53

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.

5.4

CVE-2022-4410

  • EPSS 0.17%
  • Veröffentlicht 14.12.2022 22:15:11
  • Zuletzt bearbeitet 21.11.2024 07:35:13

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary...

9.8

CVE-2022-41781

  • EPSS 0.59%
  • Veröffentlicht 18.11.2022 19:15:30
  • Zuletzt bearbeitet 21.11.2024 07:23:50

Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.

4.3

CVE-2022-4021

  • EPSS 0.14%
  • Veröffentlicht 16.11.2022 14:15:10
  • Zuletzt bearbeitet 21.11.2024 07:34:27

The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for una...

6.1

CVE-2022-0201

Exploit
  • EPSS 20.09%
  • Veröffentlicht 14.02.2022 12:15:16
  • Zuletzt bearbeitet 21.11.2024 06:38:07

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting ...