Vulnerabilities > Xlplugins

DATE CVE VULNERABILITY TITLE RISK
2025-03-12 CVE-2024-12589 Cross-site Scripting vulnerability in Xlplugins Finale
The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping.
network
low complexity
xlplugins CWE-79
5.4
2025-02-28 CVE-2024-10860 Missing Authorization vulnerability in Xlplugins Nextmove
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0.
network
low complexity
xlplugins CWE-862
4.3
2024-06-09 CVE-2024-25092 Missing Authorization vulnerability in Xlplugins Nextmove
Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.
network
low complexity
xlplugins CWE-862
8.8
2024-06-09 CVE-2024-30485 Unspecified vulnerability in Xlplugins Finale
Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
network
low complexity
xlplugins
8.8
2023-09-04 CVE-2023-39162 Unspecified vulnerability in Xlplugins Woo-Confirmation-Email 3.5.0
Unauth.
network
low complexity
xlplugins
6.1