Update the WordPress Permalink Manager Lite plugin to the latest available version (at least 18.104.22.168).
Tien Nguyen Anh discovered and reported this Broken Access Control vulnerability in WordPress Permalink Manager Lite Plugin. This vulnerability has been fixed in version 22.214.171.124.
Authenticated Stored XSS vulnerability
Unauthorized Reflected CrossSite Scripting (XSS) vulnerability
SQL Injection (SQLi) vulnerability