Refine your search
6 vulnerabilities found for Permalink Manager Lite by Maciej Bis
CVE-2026-32413 (GCVE-0-2026-32413)
Vulnerability from cvelistv5
Published
2026-03-13 11:42
Modified
2026-04-29 09:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through < 2.5.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32413",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-13T18:46:04.636135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-13T18:53:32.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "permalink-manager",
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"changes": [
{
"at": "2.5.3",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "hhhai | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:06:10.317Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Permalink Manager Lite: from n/a through \u003c 2.5.3.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Permalink Manager Lite: from n/a through \u003c 2.5.3."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:59.009Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/permalink-manager/vulnerability/wordpress-permalink-manager-lite-plugin-2-5-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Permalink Manager Lite plugin \u003c 2.5.3 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2026-32413",
"datePublished": "2026-03-13T11:42:14.732Z",
"dateReserved": "2026-03-12T11:11:19.857Z",
"dateUpdated": "2026-04-29T09:51:59.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59010 (GCVE-0-2025-59010)
Vulnerability from cvelistv5
Published
2025-09-26 08:31
Modified
2026-04-28 16:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Summary
Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through <= 2.5.1.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59010",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-30T15:42:44.158689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-30T15:42:54.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "permalink-manager",
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"changes": [
{
"at": "2.5.1.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.5.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Que Thanh Tuan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:43:01.703Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Permalink Manager Lite: from n/a through \u003c= 2.5.1.3.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Maciej Bis Permalink Manager Lite permalink-manager allows Retrieve Embedded Sensitive Data.This issue affects Permalink Manager Lite: from n/a through \u003c= 2.5.1.3."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:51.557Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/permalink-manager/vulnerability/wordpress-permalink-manager-lite-plugin-2-5-1-3-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress Permalink Manager Lite Plugin \u003c= 2.5.1.3 - Sensitive Data Exposure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-59010",
"datePublished": "2025-09-26T08:31:08.621Z",
"dateReserved": "2025-09-06T04:45:39.391Z",
"dateUpdated": "2026-04-28T16:13:51.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37257 (GCVE-0-2024-37257)
Vulnerability from cvelistv5
Published
2024-07-22 09:06
Modified
2026-04-28 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37257",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T13:32:53.227878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T13:33:02.029Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "permalink-manager",
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"changes": [
{
"at": "2.4.3.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.3.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.\u003cp\u003eThis issue affects Permalink Manager Lite: from n/a through 2.4.3.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.3."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:57.635Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.4.3.4 or a higher version."
}
],
"value": "Update to 2.4.3.4 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Permalink Manager Lite plugin \u003c= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37257",
"datePublished": "2024-07-22T09:06:58.114Z",
"dateReserved": "2024-06-04T16:46:44.986Z",
"dateUpdated": "2026-04-28T16:09:57.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-29092 (GCVE-0-2024-29092)
Vulnerability from cvelistv5
Published
2024-03-19 16:41
Modified
2026-04-28 16:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: n/a < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-20T13:47:10.595243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:56:44.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "permalink-manager",
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"changes": [
{
"at": "2.4.3.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.4.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rafie Muhammad (Patchstack)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.\u003cp\u003eThis issue affects Permalink Manager Lite: from n/a through 2.4.3.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:16.356Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 2.4.3.1 or a higher version."
}
],
"value": "Update to 2.4.3.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Permalink Manager Lite plugin \u003c= 2.4.3 - Reflected Cross Site Scripting (XSS) vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-29092",
"datePublished": "2024-03-19T16:41:51.061Z",
"dateReserved": "2024-03-15T10:51:21.287Z",
"dateUpdated": "2026-04-28T16:09:16.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-41781 (GCVE-0-2022-41781)
Vulnerability from cvelistv5
Published
2022-11-18 19:00
Modified
2026-04-28 16:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-264 - Permissions, Privileges, and Access Controls
Summary
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: <= 2.2.20 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-2-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-20T19:15:04.649747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-20T19:52:24.738Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"lessThanOrEqual": "2.2.20",
"status": "affected",
"version": "\u003c= 2.2.20",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance)"
}
],
"datePublic": "2022-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Broken Access Control vulnerability in Permalink Manager Lite plugin \u003c= 2.2.20 on WordPress."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-264",
"description": "CWE-264 Permissions, Privileges, and Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:07:49.720Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"url": "https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-2-20-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to 2.2.20.1 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Permalink Manager Lite plugin \u003c= 2.2.20 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2022-41781",
"datePublished": "2022-11-18T19:00:40.013Z",
"dateReserved": "2022-10-19T00:00:00.000Z",
"dateUpdated": "2026-04-28T16:07:49.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-0201 (GCVE-0-2022-0201)
Vulnerability from cvelistv5
Published
2022-02-14 09:21
Modified
2024-08-02 23:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Maciej Bis | Permalink Manager Lite |
Version: 2.2.15 < 2.2.15 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:42.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2656512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Permalink Manager Lite",
"vendor": "Maciej Bis",
"versions": [
{
"lessThan": "2.2.15",
"status": "affected",
"version": "2.2.15",
"versionType": "custom"
}
]
},
{
"product": "Permalink Manager Pro",
"vendor": "Maciej Bis",
"versions": [
{
"lessThan": "2.2.15",
"status": "affected",
"version": "2.2.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-14T09:21:04.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://plugins.trac.wordpress.org/changeset/2656512"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Permalink Manager \u003c 2.2.15 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-0201",
"STATE": "PUBLIC",
"TITLE": "Permalink Manager \u003c 2.2.15 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Permalink Manager Lite",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.2.15",
"version_value": "2.2.15"
}
]
}
},
{
"product_name": "Permalink Manager Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.2.15",
"version_value": "2.2.15"
}
]
}
}
]
},
"vendor_name": "Maciej Bis"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Krzysztof Zaj\u0105c"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/f274b0d8-74bf-43de-9051-29ce36d78ad4"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/2656512",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2656512"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-0201",
"datePublished": "2022-02-14T09:21:04.000Z",
"dateReserved": "2022-01-12T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:18:42.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}