WordPress Plugin Vulnerabilities

NextMove Lite < 2.24.0 - Unauthenticated Insecure Direct Object Reference

Description

The NextMove Lite – Thank You Page for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.23.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

References

Classification

Type
IDOR
CWE

Miscellaneous

Original Researcher
PPzzAArr
Verified
No

Timeline

Publicly Published
2026-01-15 (about 5 months ago)
Added
2026-01-28 (about 5 months ago)
Last Updated
2026-03-17 (about 3 months ago)

Other