CVE-2024-32104 – WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32104
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.18.1. The NextMove Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.1. This is due to missing or incorrect nonce validation on the xl_addon_installation() function. • https://github.com/Cerberus-HiproPlus/CVE-2024-32104 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2024-25092 – WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability
https://notcve.org/view.php?id=CVE-2024-25092
09 Feb 2024 — Missing Authorization vulnerability in XLPlugins NextMove Lite. This issue affects NextMove Lite: from n/a through 2.17.0. The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'xl_addon_installation' function in all versions up to, and including, 2.17.0. This makes it pos... • https://github.com/RandomRobbieBF/CVE-2024-25092 • CWE-862: Missing Authorization