Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Permalink Manager Lite — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in Permalink Manager Lite, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with Permalink Manager Lite, a WordPress plugin developed by BetterLinks. It serves as a centralized resource for tracking known weaknesses, specifically focusing on Cross-Site Scripting (XSS) and other input validation flaws prevalent in this plugin category. The collection aggregates historical vulnerability reports and security advisories, covering incidents reported from early 2019 through mid-2023. This time range captures the critical period where numerous outdated versions were actively exploited by attackers seeking to compromise site integrity through stored and reflected script injection. Visitors to this aggregation page can track a vendor's advisories to understand how quickly BetterLinks responds to reported security issues and implements patches. You can also gain a deeper understanding of a weakness class by observing how specific implementation errors in permalink management logic lead to broader security risks. Furthermore, the page allows you to look up a product's vulnerability history, providing a clear timeline of affected versions and the severity of each disclosed issue. This information is essential for administrators to assess their exposure levels, prioritize updates, and verify that their instances are no longer running deprecated software versions. By consolidating these disparate security reports, the page offers a clearer picture of the plugin's security posture over time, helping site owners make informed decisions about maintenance and risk management without relying on scattered external sources.

Vendor: Unknown

CVE IDTitleCVSSSeverityPublished
CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title CWE-79 6.4 Medium2026-06-17
CVE-2026-32413 WordPress Permalink Manager Lite plugin < 2.5.3 - Broken Access Control vulnerability CWE-862 5.3 Medium2026-03-13
CVE-2025-59010 WordPress Permalink Manager Lite Plugin <= 2.5.1.3 - Sensitive Data Exposure Vulnerability CWE-201 7.5 High2025-09-26
CVE-2024-8195 Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure CWE-862 5.3 Medium2024-08-28
CVE-2024-37257 WordPress Permalink Manager Lite plugin <= 2.4.3.3 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-07-22
CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor CWE-639 4.3 Medium2024-04-09
CVE-2024-2738 Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting CWE-79 6.1 Medium2024-04-09
CVE-2024-2538 Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification CWE-639 5.4 Medium2024-03-20
CVE-2024-29092 WordPress Permalink Manager Lite plugin <= 2.4.3 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-03-19
CVE-2022-4410 Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting CWE-79 6.4 Medium2022-12-14
CVE-2022-41781 WordPress Permalink Manager Lite plugin <= 2.2.20 - Broken Access Control vulnerability CWE-264 6.5 Medium2022-11-18
CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery CWE-352 8.8 High2022-11-16
CVE-2022-0201 Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting CWE-79 6.1 -2022-02-14
CVE-2021-24769 Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection CWE-89 7.2 -2021-10-25

All 14 known CVE vulnerabilities affecting Permalink Manager Lite with full Chinese analysis, references, and POCs where available.