cleantalk
Vulnerabilities and Security Researches

Permalink Manager Lite, CVE-2022-4021

CVE, Research URL

CVE-2022-4021

Home page URL

Security reports for Permalink Manager Lite

Application

Permalink Manager Lite

Published on
Nov 16, 2022
Research Description
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to change plugin settings including permalinks and site maps, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.2.20.2.
Status
vulnerable
Previous vulnerability researches
Premmerce Permalink Manager for WooCommerce (CVE-2023-33999) , Jun 13, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-13362) , May 02, 2026
Premmerce Permalink Manager for WooCommerce (8512ead354b68073964ac5ed0d56a850019f3b6b) , Jun 16, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-27971) , Jun 07, 2024
Premmerce Permalink Manager for WooCommerce (28021e3588b5020a77c66a88cac17e671730287f) , Jun 07, 2024
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026