cbcvebase.

Maciej Bis Permalink Manager Lite vulnerabilities

6 known vulnerabilities affecting maciej_bis/permalink_manager_lite.

Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-0201P3MEDIUMCVSS 6.1PoC≥ 2.2.15, < 2.2.152022-02-14
CVE-2022-0201 [MEDIUM] CWE-79 CVE-2022-0201: The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
nvd
CVE-2022-41781P3CRITICALCVSS 9.8≤ 2.2.202022-11-18
CVE-2022-41781 [CRITICAL] CWE-264 CVE-2022-41781: Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
nvd
CVE-2025-59010P3HIGHCVSS 7.5≤ 2.5.1.32025-09-26
CVE-2025-59010 [HIGH] CWE-201 CVE-2025-59010: Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through <= 2.5.1.3.
nvd
CVE-2026-32413P4MEDIUMCVSS 5.3≤ 2.5.32026-03-13
CVE-2026-32413 [MEDIUM] CWE-862 CVE-2026-32413: Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Ex Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.
nvd
CVE-2024-37257P4MEDIUMCVSS 6.1≥ n/a, ≤ 2.4.3.32024-07-22
CVE-2024-37257 [MEDIUM] CWE-79 CVE-2024-37257: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
nvd
CVE-2024-29092P4MEDIUMCVSS 6.1≥ n/a, ≤ 2.4.32024-03-19
CVE-2024-29092 [MEDIUM] CWE-79 CVE-2024-29092: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.
nvd
Maciej Bis Permalink Manager Lite vulnerabilities | cvebase