VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 13 known issues Latest disclosed Feb 25, 2026

Permalink Manager Lite Vulnerabilities

Review known vulnerability records for the WordPress plugin Permalink Manager Lite (`permalink-manager`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32413, CVE-2025-59010 and CVE-2024-8195, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
13
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 15, 2026
Priority CVE Quick Links

Fast paths into Permalink Manager Lite CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
13
CVE-2022-4021 High 2.2.20.2
CVE-2022-4021 Permalink Manager Lite Cross-Site Request Forgery

Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery

CVE-2021-24769 High 2.2.13.1
CVE-2021-24769 Permalink Manager Lite SQL Injection

Permalink Manager Lite <= 2.2.12 - Admin+ SQL Injection

CVE-2022-41781 Medium 2.2.20.1
CVE-2022-41781 Permalink Manager Lite Authorization Bypass

Permalink Manager Lite <= 2.2.20 - Missing Authorization

CVE-2022-4410 Medium 2.3.0
CVE-2022-4410 Permalink Manager Lite Stored Cross-Site Scripting

Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting

CVE-2024-37257 Medium 2.4.3.4
CVE-2024-37257 Permalink Manager Lite Cross-Site Scripting

Permalink Manager Lite <= 2.4.3.3 - Reflected Cross-Site Scripting

CVE-2024-2738 Medium 2.4.3.2
CVE-2024-2738 Permalink Manager Lite Cross-Site Scripting

Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting

CVE-2024-29092 Medium 2.4.3.1
CVE-2024-29092 Permalink Manager Lite Cross-Site Scripting

Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting

CVE-2022-0201 Medium 2.2.15
CVE-2022-0201 Permalink Manager Lite Cross-Site Scripting

Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Permalink Manager Lite so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2026-32413, CVE-2025-59010 and CVE-2024-8195
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Permalink Manager Lite

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-32413
CVE-2026-32413: Permalink Manager Lite < 2.5.3 - Missing Authorization

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to 2.5.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Published
Feb 25, 2026
Patched Release
2.5.3
Affected Versions
Versions before 2.5.3
Next Step
Update to 2.5.3 or newer if supported.
Open CVE-2026-32413 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-59010
CVE-2025-59010: Permalink Manager Lite <= 2.5.1.3 - Unauthenticated Sensitive Information Exposure

The Permalink Manager Lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.1.3. This makes it possible for unauthenticated attackers to extract sensitive user or configuration data.

Published
Sep 06, 2025
Patched Release
2.5.1.4
Affected Versions
Versions up to 2.5.1.3
Next Step
Update to 2.5.1.4 or newer if supported.
Open CVE-2025-59010 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-8195
CVE-2024-8195: Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'debug_data', 'debug_query', and 'debug_redirect' functions in all versions up to, and including, 2.4.4. This makes it possible for unauthenticate...

Published
Aug 27, 2024
Patched Release
2.4.4.1
Affected Versions
Versions up to 2.4.4
Next Step
Update to 2.4.4.1 or newer if supported.
Open CVE-2024-8195 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-37257
CVE-2024-37257: Permalink Manager Lite <= 2.4.3.3 - Reflected Cross-Site Scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

Published
Jun 27, 2024
Patched Release
2.4.3.4
Affected Versions
Versions up to 2.4.3.3
Next Step
Update to 2.4.3.4 or newer if supported.
Open CVE-2024-37257 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2543
CVE-2024-2543: Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_uri_editor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalin...

Published
Mar 20, 2024
Patched Release
2.4.3.2
Affected Versions
Versions up to 2.4.3.1
Next Step
Update to 2.4.3.2 or newer if supported.
Open CVE-2024-2543 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2738
CVE-2024-2738: Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ā€˜sā€™ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible f...

Published
Mar 20, 2024
Patched Release
2.4.3.2
Affected Versions
Versions up to 2.4.3.1
Next Step
Update to 2.4.3.2 or newer if supported.
Open CVE-2024-2738 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2538
CVE-2024-2538: Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated(Author+) Arbitrary Post Slug Modification

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with autho...

Published
Mar 18, 2024
Patched Release
2.4.3.2
Affected Versions
Versions up to 2.4.3.1
Next Step
Update to 2.4.3.2 or newer if supported.
Open CVE-2024-2538 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-29092
CVE-2024-29092: Permalink Manager Lite <= 2.4.3 - Reflected Cross-Site Scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

Published
Mar 15, 2024
Patched Release
2.4.3.1
Affected Versions
Versions up to 2.4.3
Next Step
Update to 2.4.3.1 or newer if supported.
Open CVE-2024-29092 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4410
CVE-2022-4410: Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including 2.2.20.3 due to improper output escaping on post/page/media titles. This makes it possible for attackers to inject arbitrary web scripts on the permalink-...

Published
Dec 14, 2022
Patched Release
2.3.0
Affected Versions
Versions up to 2.2.20.3
Next Step
Update to 2.3.0 or newer if supported.
Open CVE-2022-4410 Report Open CVE Reference
Plugin High Patched: Yes CVE-2022-4021
CVE-2022-4021: Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery

The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extra_actions function. This makes it possible for unauthenticated attackers to chan...

Published
Nov 16, 2022
Patched Release
2.2.20.2
Affected Versions
Versions up to 2.2.20.1
Next Step
Update to 2.2.20.2 or newer if supported.
Open CVE-2022-4021 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-41781
CVE-2022-41781: Permalink Manager Lite <= 2.2.20 - Missing Authorization

The Permalink Manager Lite plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the extra_actions function in versions up to, and including, 2.2.20. This makes it possible for unauthenticated attackers to remove URIs, plugin data, and fl...

Published
Nov 01, 2022
Patched Release
2.2.20.1
Affected Versions
Versions up to 2.2.20
Next Step
Update to 2.2.20.1 or newer if supported.
Open CVE-2022-41781 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-0201
CVE-2022-0201: Permalink Manager Lite <= 2.2.14 Reflected Cross-Site Scripting

The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue

Published
Jan 17, 2022
Patched Release
2.2.15
Affected Versions
Versions before 2.2.15
Next Step
Update to 2.2.15 or newer if supported.
Open CVE-2022-0201 Report Open CVE Reference