CVE-2025-62969
- EPSS 0.06%
- Veröffentlicht 27.10.2025 01:34:14
- Zuletzt bearbeitet 22.01.2026 19:47:20
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.
CVE-2025-52735
- EPSS 0.06%
- Veröffentlicht 22.10.2025 14:32:22
- Zuletzt bearbeitet 02.02.2026 17:16:14
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.
CVE-2024-10860
- EPSS 0.12%
- Veröffentlicht 28.02.2025 10:15:09
- Zuletzt bearbeitet 06.03.2025 15:00:16
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0....
CVE-2024-25092
- EPSS 70.05%
- Veröffentlicht 09.06.2024 11:15:49
- Zuletzt bearbeitet 21.11.2024 09:00:14
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
CVE-2024-32104
- EPSS 15.13%
- Veröffentlicht 15.04.2024 09:15:11
- Zuletzt bearbeitet 22.01.2026 19:49:00
Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1.
CVE-2024-1120
- EPSS 0.25%
- Veröffentlicht 01.03.2024 10:15:07
- Zuletzt bearbeitet 11.03.2025 16:46:21
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings...