VYPR

Nextmove

by Xlplugins

CVEs (7)

  • CVE-2025-68048HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

  • CVE-2025-52735HigOct 22, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0.

  • CVE-2025-62969MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Stored XSS.This issue affects NextMove Lite: from n/a through <= 2.23.0.

  • CVE-2026-24599MedJan 23, 2026
    risk 0.34cvss 5.3epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.

  • CVE-2024-1120MedMar 1, 2024
    risk 0.34cvss 5.3epss 0.01

    The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all…

  • CVE-2024-32104MedApr 15, 2024
    risk 0.29cvss 4.3epss 0.01

    Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1.

  • CVE-2024-25092Jun 9, 2024
    risk 0.06cvss epss 0.01

    Missing Authorization vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.17.0.