Unrated severityNVD Advisory· Published Feb 28, 2025· Updated Apr 8, 2026

NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission

CVE-2024-10860

Description

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site.

Affected products

NextMove/NextMove Litellm-create
Range: <=2.19.0
xlplugins/NextMove Lite – Thank You Page for WooCommercev5
Range: 0
WordPress/NextMove Litewp-canonicalize

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3246927/mitre
www.wordfence.com/threat-intel/vulnerabilities/id/5cefecf8-46dc-4ae1-9e94-b724beb7136fmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000