All 4 CVE vulnerabilities found in Finale Lite, with AI-generated Chinese analysis, references, and POCs.
Vendor: XLPlugins
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-52736 | WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability CWE-79 | 6.1AI | MediumAI | 2025-10-22 |
| CVE-2023-47180 | WordPress Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugin <= 2.16.0 - Arbitrary Content Deletion vulnerability CWE-862 | 6.5 | Medium | 2025-01-02 |
| CVE-2024-30485 | WordPress Finale Lite plugin <= 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability CWE-862 | 8.8 | High | 2024-06-09 |
| CVE-2024-32107 | WordPress Finale Lite plugin <= 2.18.0 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 | 4.3 | Medium | 2024-04-11 |
All 4 known CVE vulnerabilities affecting Finale Lite with full Chinese analysis, references, and POCs where available.