Vulnerabilities and security researches forfinale-woocommerce-sales-countdown-timer-discount finale-woocommerce-sales-countdown-timer-discount

Jun 07, 2024

CVE, Research URL: CVE-2024-32107
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Apr 11, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 562ea416d85a2049d70ab426e7463803d31cd817
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Jun 16, 2019
Research Description: Finale Lite – Sales Countdown Timer & Discount for WooCommerce [finale-woocommerce-sales-countdown-timer-discount] < 2.17.0 WordPress Finale Lite plugin <= 2.9.0 - Arbitrary File Upload vulnerability Arbitrary File Upload vulnerability found in WordPress Finale Lite plugin (versions <= 2.9.0).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1120
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Mar 01, 2024
Research Description: The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30485
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Jun 09, 2024
Research Description: Missing Authorization vulnerability in XLPlugins Finale Lite.This issue affects Finale Lite: from n/a through 2.18.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-47180
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Jan 02, 2025
Research Description: Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0.
Affected versions: Min -, max -.
Status: vulnerable

Mar 13, 2025

CVE, Research URL: CVE-2024-12589
Home page URL: Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Application: Finale Lite – Sales Countdown Timer & Discount for WooCommerce
Date: Mar 12, 2025
Research Description: The Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin for WordPress is vulnerable to Stored DOM-Based Cross-Site Scripting via the countdown timer in all versions up to, and including, 2.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable