Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

XLPlugins — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting XLPlugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XLPlugins develops WordPress plugins for enhancing website functionality, with a history of security vulnerabilities including 12 recorded CVEs. Common issues involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable characteristics include inconsistent security practices across their plugin portfolio, with some products containing multiple unpatched vulnerabilities over time. While no major public security incidents have been widely reported, their CVE history indicates a pattern of security gaps that could allow attackers to compromise websites, particularly when plugins remain unupdated or misconfigured.

Found 6 results / 12Clear Filters
Top products by XLPlugins: NextMove Lite Finale Lite NextMove Lite – Thank You Page for WooCommerce User Email Verification for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-68048 WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability — NextMove LiteCWE-862 7.5 High2026-02-20
CVE-2026-24599 WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability — NextMove LiteCWE-639 5.3 Medium2026-01-23
CVE-2025-62969 WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability — NextMove LiteCWE-79 6.5 Medium2025-10-27
CVE-2025-52735 WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability — NextMove LiteCWE-79 7.1 High2025-10-22
CVE-2024-25092 WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability — NextMove LiteCWE-862 8.8 High2024-06-09
CVE-2024-32104 WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability — NextMove LiteCWE-352 4.3 Medium2024-04-15

This page lists every published CVE security advisory associated with XLPlugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.