cleantalk
Vulnerabilities and Security Researches

Permalink Manager Lite, CVE-2022-4410

CVE, Research URL

CVE-2022-4410

Home page URL

Security reports for Permalink Manager Lite

Application

Permalink Manager Lite

Published on
Dec 15, 2022
Research Description
The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-manager page if another plugin or theme is installed on the site that allows lower privileged users with unfiltered_html the ability to modify post/page titles with malicious web scripts.
Affected versions
max 2.3.0.
Status
vulnerable
Previous vulnerability researches
Premmerce Permalink Manager for WooCommerce (CVE-2023-33999) , Jun 13, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-13362) , May 02, 2026
Premmerce Permalink Manager for WooCommerce (8512ead354b68073964ac5ed0d56a850019f3b6b) , Jun 16, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-27971) , Jun 07, 2024
Premmerce Permalink Manager for WooCommerce (28021e3588b5020a77c66a88cac17e671730287f) , Jun 07, 2024
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026