Vulnerabilities > Xlplugins

DATE	CVE	VULNERABILITY TITLE	RISK
2025-03-12	CVE-2024-12589	Cross-site Scripting vulnerability in Xlplugins Finale The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. network low complexity xlplugins CWE-79	5.4
2025-02-28	CVE-2024-10860	Missing Authorization vulnerability in Xlplugins Nextmove The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. network low complexity xlplugins CWE-862	4.3
2024-06-09	CVE-2024-25092	Missing Authorization vulnerability in Xlplugins Nextmove Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0. network low complexity xlplugins CWE-862	8.8
2024-06-09	CVE-2024-30485	Unspecified vulnerability in Xlplugins Finale Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0. network low complexity xlplugins	8.8
2023-09-04	CVE-2023-39162	Unspecified vulnerability in Xlplugins Woo-Confirmation-Email 3.5.0 Unauth. network low complexity xlplugins	6.1

Vulnerabilities > Xlplugins {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Xlplugins"}]}