CVE-2023-47180

Medium CVSS: 6.5

Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.

Vendor

Xlplugins

Product

Finale

CWE

CWE-862

Yayın Tarihi

2025-01-02 12:15:14

Güncelleme

2026-01-22 19:50:37

Source Identifier

audit@patchstack.com

KEV Date Added

Kategoriler

CWE-862 Finale MEDIUM Xlplugins 2025

Referanslar

https://patchstack.com/database/wordpress/plugin/finale-woocommerce-sales-countdown-timer-discount/vulnerability/wordpress-finale-lite-sales-countdown-timer-discount-for-woocommerce-plugin-2-16-0-arbitrary-content-deletion-vulnerability?_s_id=cve

Benzer Kayıtlar

Medium

CVE-2025-62969

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove…

Medium

CVE-2025-52735

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove…

Medium

CVE-2024-12589

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Base…

Medium

CVE-2024-10860

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data…