CVE-2025-23891

🗓️ 16 Jan 2025 20:07:41Reported by PatchstackType

Cross Site Scripting vulnerability in WordPress Yet Another Countdown Plugin versions up to 1.0.1

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-23891	16 Jan 202521:19	–	circl
CNNVD	WordPress plugin Yet Another Countdown 跨站脚本漏洞	16 Jan 202500:00	–	cnnvd
Cvelist	CVE-2025-23891 WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability	16 Jan 202520:07	–	cvelist
EUVD	EUVD-2025-3509	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23891	16 Jan 202521:15	–	nvd
Patchstack	WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability	16 Jan 202518:42	–	patchstack
Positive Technologies	PT-2025-5174 · Unknown · Yet Another Countdown	16 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23891	23 May 202512:00	–	redhatcve
Vulnrichment	CVE-2025-23891 WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability	16 Jan 202520:07	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (January 13, 2025 to January 19, 2025)	23 Jan 202515:41	–	wordfence

Vulners

Node

vincent_loy yet_another_countdownRange≤1.0.1wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "yacp",
    "product": "Yet Another Countdown",
    "vendor": "Vincent Loy",
    "versions": [
      {
        "lessThanOrEqual": "1.0.1",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/yacp/vulnerability/wordpress-yet-another-countdown-plugin-plugin-1-0-1-cross-site-scripting-xss-vulnerability

17 Jun 2026 08:57Current

7.2High risk

Vulners AI Score7.2

CVSS 3.16.5

EPSS0.00357

SSVC

CWE-79