
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Aug 2024 — The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to extract sensitive data including password, title, and content of password-protected posts. • https://plugins.trac.wordpress.org/browser/permalink-manager/tags/2.4.4/includes/core/permalink-manager-debug.php#L70 • CWE-862: Missing Authorization

CVSS: 7.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

27 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS. This issue affects Permalink Manager Lite: from n/a through 2.4.3.3. The Permalink Mana... • https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

20 Mar 2024 — The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://gist.github.com/Xib3rR4dAr/561ac3c17b92cb55d3032504a076fa4b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Mar 2024 — The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts. • https://gist.github.com/Xib3rR4dAr/a248426dfee107c6fda08e80f98fa894 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Dec 2022 — The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2833667%40permalink-manager&new=2833667%40permalink-manager&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

16 Nov 2022 — The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings, including permalinks and site maps, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset/2818142#file34 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Nov 2022 — Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. The Permalink Manager Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the extra_actions function in versions up to, and including, 2.2.20. This makes it possible for unauthenticated attackers to remove URIs, plugin data, and flush sitemaps. • https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-2-20-broken-access-control-vulnerability?_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls • CWE-862: Missing Authorization

CVSS: 6.1 | EPSS: 0% | CPEs: 2 | EXPL: 1

17 Jan 2022 — The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue. • https://plugins.trac.wordpress.org/changeset/2656512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Sep 2021 — The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection. • https://wpscan.com/vulnerability/a2f211af-5373-425f-9964-ebbf5efde87b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')