cleantalk
Vulnerabilities and Security Researches

Permalink Manager Lite, CVE-2024-2538

CVE, Research URL

CVE-2024-2538

Home page URL

Security reports for Permalink Manager Lite

Application

Permalink Manager Lite

Published on
Mar 20, 2024
Research Description
The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.
Affected versions
max 2.4.3.2.
Status
vulnerable
Previous vulnerability researches
Premmerce Permalink Manager for WooCommerce (CVE-2023-33999) , Jun 13, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-13362) , May 02, 2026
Premmerce Permalink Manager for WooCommerce (8512ead354b68073964ac5ed0d56a850019f3b6b) , Jun 16, 2026
Premmerce Permalink Manager for WooCommerce (CVE-2024-27971) , Jun 07, 2024
Premmerce Permalink Manager for WooCommerce (28021e3588b5020a77c66a88cac17e671730287f) , Jun 07, 2024
New vulnerability
WooCommerce Digital Signature (CVE-2026-52694) , Jun 17, 2026
Permalink Manager Lite (CVE-2026-8494) , Jun 17, 2026
Static Block (CVE-2026-10780) , Jun 17, 2026
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2026-49080) , Jun 16, 2026
The Events Calendar (CVE-2026-49772) , Jun 16, 2026