cleantalk
Vulnerabilities and Security Researches

NextMove Lite – Thank You Page for WooCommerce, CVE-2024-10860

CVE, Research URL

CVE-2024-10860

Home page URL

Security reports for NextMove Lite – Thank You Page for WooCommerce

Application

NextMove Lite – Thank You Page for WooCommerce

Published on
Feb 28, 2025
Research Description
The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to unauthorized submission of data due to a missing capability check on the _submit_uninstall_reason_action() function in all versions up to, and including, 2.19.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason on behalf of a site.
Affected versions
max 2.20.0.
Status
vulnerable
Previous vulnerability researches
NextMove Lite – Thank You Page for WooCommerce (CVE-2024-1120) , Jun 07, 2024
NextMove Lite – Thank You Page for WooCommerce (CVE-2024-25092) , Jun 07, 2024
NextMove Lite – Thank You Page for WooCommerce (CVE-2024-32104) , Jun 07, 2024
NextMove Lite – Thank You Page for WooCommerce (CVE-2024-10860) , Feb 28, 2025
NextMove Lite – Thank You Page for WooCommerce (CVE-2025-62969) , Nov 10, 2025
New vulnerability
Theme Editor (CVE-2025-9890) , Nov 10, 2025
wpForo Forum (CVE-2025-4203) , Nov 10, 2025
wpForo Forum (CVE-2025-11740) , Nov 10, 2025
Estatik Real Estate Plugin (CVE-2025-62963) , Nov 10, 2025
Interactive Content – H5P (CVE-2025-62951) , Nov 10, 2025