NextMove Lite – Thank You Page for WooCommerce

Software Type	Plugin
Software Slug	woo-thank-you-page-nextmove-lite (view on wordpress.org)
Software Status	Active
Software Author	xlplugins
Software Website	xlplugins.com
Software Downloads	441,695
Software Active Installs	10,000
Software Record Last Updated	June 18, 2026

9 Vulnerabilities

Submit a Vulnerability

NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode

6.4

CVE-2026-0703

May 1, 2026

Researcher: Muhammad Yudha - DJ

NextMove Lite <= 2.23.0 - Missing Authorization

5.3

CVE-2025-68048

Jan 27, 2026

Researcher: NumeX

NextMove Lite <= 2.23.0 - Unauthenticated Insecure Direct Object Reference

5.3

CVE-2026-24599

Jan 15, 2026

Researcher: PPzzAArr

NextMove Lite <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2025-62969

Oct 18, 2025

Researcher: Muhammad Yudha - DJ

NextMove Lite <= 2.21.0 - Reflected Cross-Site Scripting

6.1

CVE-2025-52735

Jul 28, 2025

Researcher: LVT-tholv2k

NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission

4.3

CVE-2024-10860

Feb 27, 2025

Researcher: incognito

NextMove Lite <= 2.18.1 - Cross-Site Request Forgery

4.3

CVE-2024-32104

Apr 11, 2024

Researcher: Dhabaleshwar Das

NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure

5.3

CVE-2024-1120

Feb 29, 2024

Researcher: Francesco Carlucci

NextMove Lite <= 2.17.0 - Missing Authorization to Authenticated(Subscriber+) Plugin Activation

6.5

CVE-2024-25092

Feb 9, 2024

Researcher: beluga

Title	Status	CVE ID	CVSS	Researchers	Date
NextMove Lite - Thank You Page for WooCommerce <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'xlwcty_current_date' Shortcode	Patched	CVE-2026-0703	6.4	Muhammad Yudha - DJ	May 1, 2026
NextMove Lite <= 2.23.0 - Missing Authorization	Patched	CVE-2025-68048	5.3	NumeX	January 27, 2026
NextMove Lite <= 2.23.0 - Unauthenticated Insecure Direct Object Reference	Patched	CVE-2026-24599	5.3	PPzzAArr	January 15, 2026
NextMove Lite <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	Patched	CVE-2025-62969	6.4	Muhammad Yudha - DJ	October 18, 2025
NextMove Lite <= 2.21.0 - Reflected Cross-Site Scripting	Unpatched	CVE-2025-52735	6.1	LVT-tholv2k	July 28, 2025
NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission	Patched	CVE-2024-10860	4.3	incognito	February 27, 2025
NextMove Lite <= 2.18.1 - Cross-Site Request Forgery	Patched	CVE-2024-32104	4.3	Dhabaleshwar Das	April 11, 2024
NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure	Patched	CVE-2024-1120	5.3	Francesco Carlucci	February 29, 2024
NextMove Lite <= 2.17.0 - Missing Authorization to Authenticated(Subscriber+) Plugin Activation	Patched	CVE-2024-25092	6.5	beluga	February 9, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation