Permalink Manager Lite
by Mbis
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29092 | Hig | 0.46 | 7.1 | 0.00 | Mar 19, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3. | ||
| CVE-2022-4410 | Med | 0.42 | 6.4 | 0.01 | Dec 14, 2022 | The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the… | ||
| CVE-2024-2538 | Med | 0.35 | 5.4 | 0.01 | Mar 20, 2024 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with… | ||
| CVE-2024-2543 | Med | 0.28 | 4.3 | 0.01 | Apr 9, 2024 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the… | ||
| CVE-2022-0201 | 0.01 | — | 0.03 | Feb 14, 2022 | The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue | |||
| CVE-2024-8195 | 0.00 | — | 0.01 | Aug 28, 2024 | The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for… | |||
| CVE-2022-41781 | 0.00 | — | 0.01 | Nov 18, 2022 | Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. |
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.
- risk 0.42cvss 6.4epss 0.01
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the…
- risk 0.35cvss 5.4epss 0.01
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with…
- risk 0.28cvss 4.3epss 0.01
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the…
- CVE-2022-0201Feb 14, 2022risk 0.01cvss —epss 0.03
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
- CVE-2024-8195Aug 28, 2024risk 0.00cvss —epss 0.01
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for…
- CVE-2022-41781Nov 18, 2022risk 0.00cvss —epss 0.01
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.