Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
NextMove Lite: Unauthorized Access to Configuration Settings
CVE-2025-68048
Summary
NextMove Lite plugins may allow unauthorized access to sensitive settings. This could potentially allow an attacker to make changes to the plugin's settings, which could compromise the security of the website. To protect your website, immediately update NextMove Lite to the latest version (2.23.1 or higher).
Original title
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove L...
Original description
Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.
nvd CVSS3.1
7.5
Vulnerability type
CWE-862
Missing Authorization
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026