cleantalk
Vulnerabilities and Security Researches

Finale Lite – Sales Countdown Timer & Discount for WooCommerce, CVE-2024-1120

CVE, Research URL

CVE-2024-1120

Home page URL

Security reports for Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Application

Finale Lite – Sales Countdown Timer & Discount for WooCommerce

Published on
Mar 01, 2024
Research Description
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.
Affected versions
Min -, max 2.18.0.
Status
vulnerable
Previous vulnerability researches
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-32107) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (562ea416d85a2049d70ab426e7463803d31cd817) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-1120) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2024-30485) , Jun 07, 2024
Finale Lite – Sales Countdown Timer & Discount for WooCommerce (CVE-2023-47180) , Jun 10, 2024
New vulnerability
WP Edit (CVE-2025-53253) , Jul 01, 2025
Accept Authorize.NET Payments Using Contact Form 7 (CVE-2025-53322) , Jul 01, 2025
Owl carousel responsive (CVE-2025-5590) , Jul 01, 2025
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2025-49989) , Jul 01, 2025
Sitekit (CVE-2025-50047) , Jul 01, 2025