Skip to main content

Nextmove

5 CVEs product

Monthly

CVE-2025-62969 MEDIUM This Month

Stored cross-site scripting (XSS) in XLPlugins NextMove Lite WordPress plugin versions through 2.23.0 allows authenticated users with low privileges to inject malicious scripts into thank-you pages, affecting site visitors with escalated impact in multi-site contexts. The vulnerability requires user interaction (page visit) and leverages the plugin's improper input sanitization on web page generation. EPSS exploitation probability is low (0.02%), and no confirmed active exploitation has been reported; however, the stored nature and authenticated attack vector make it a meaningful risk for WordPress sites with untrusted user roles.

WordPress PHP XSS Nextmove
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-10860 MEDIUM This Month

The NextMove Lite - Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Nextmove
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-25092 HIGH This Week

Missing Authorization vulnerability in XLPlugins NextMove Lite.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextmove
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-32104 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.18.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

CSRF Nextmove
NVD
CVSS 3.1
4.3
EPSS
15.1%
CVE-2024-1120 MEDIUM PATCH This Month

The NextMove Lite - Thank You Page for WooCommerce and Finale Lite - Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Finale Nextmove
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored cross-site scripting (XSS) in XLPlugins NextMove Lite WordPress plugin versions through 2.23.0 allows authenticated users with low privileges to inject malicious scripts into thank-you pages, affecting site visitors with escalated impact in multi-site contexts. The vulnerability requires user interaction (page visit) and leverages the plugin's improper input sanitization on web page generation. EPSS exploitation probability is low (0.02%), and no confirmed active exploitation has been reported; however, the stored nature and authenticated attack vector make it a meaningful risk for WordPress sites with untrusted user roles.

WordPress PHP XSS +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The NextMove Lite - Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Nextmove
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in XLPlugins NextMove Lite.17.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nextmove
NVD
EPSS 15% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.18.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.1% and no vendor patch available.

CSRF Nextmove
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The NextMove Lite - Thank You Page for WooCommerce and Finale Lite - Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Finale +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy