xlplugins — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting xlplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.

XLPlugins develops WordPress plugins for enhancing website functionality, with a history of security vulnerabilities including 12 recorded CVEs. Common issues involve remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable characteristics include inconsistent security practices across their plugin portfolio, with some products containing multiple unpatched vulnerabilities over time. While no major public security incidents have been widely reported, their CVE history indicates a pattern of security gaps that could allow attackers to compromise websites, particularly when plugins remain unupdated or misconfigured.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0703 | NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode | NextMove Lite – Thank You Page for WooCommerce | CWE-79 | 6.4 | Medium | 2026-05-02 |
| CVE-2025-68048 | WordPress NextMove Lite plugin <= 2.23.0 - Broken Access Control vulnerability | NextMove Lite | CWE-862 | 7.5 | High | 2026-02-20 |
| CVE-2026-24599 | WordPress NextMove Lite plugin <= 2.23.0 - Insecure Direct Object References (IDOR) vulnerability | NextMove Lite | CWE-639 | 5.3 | Medium | 2026-01-23 |
| CVE-2025-62969 | WordPress NextMove Lite plugin <= 2.23.0 - Cross Site Scripting (XSS) vulnerability | NextMove Lite | CWE-79 | 6.5 | Medium | 2025-10-27 |
| CVE-2025-52735 | WordPress NextMove Lite plugin <= 2.24.0 - Cross Site Scripting (XSS) vulnerability | NextMove Lite | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission | NextMove Lite – Thank You Page for WooCommerce | CWE-862 | 4.3 | Medium | 2025-02-28 |
| CVE-2023-47180 | WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability | Finale Lite | CWE-862 | 6.5 | Medium | 2025-01-02 |
| CVE-2024-30485 | WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability | Finale Lite | CWE-862 | 8.8 | High | 2024-06-09 |
| CVE-2024-25092 | WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability | NextMove Lite | CWE-862 | 8.8 | High | 2024-06-09 |
| CVE-2024-32104 | WordPress NextMove Lite plugin <= 2.18.1 - Cross Site Request Forgery (CSRF) vulnerability | NextMove Lite | CWE-352 | 4.3 | Medium | 2024-04-15 |
| CVE-2024-32107 | WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability | Finale Lite | CWE-352 | 4.3 | Medium | 2024-04-11 |
| CVE-2023-39162 | WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) | User Email Verification for WooCommerce | CWE-79 | 7.1 | High | 2023-09-04 |

This page lists every published CVE security advisory associated with xlplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.