EUVD-2021-21286

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

WooCommerce Sales Timers plugin vulnerable to Cross-Site Request Forgery in versions up to 1.5.7

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2021-34636	28 Sep 202118:35	–	circl
CNNVD	WordPress 插件跨站请求伪造漏洞	28 Sep 202100:00	–	cnnvd
CVE	CVE-2021-34636	28 Sep 202113:53	–	cve
Cvelist	CVE-2021-34636 Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting	28 Sep 202113:53	–	cvelist
NVD	CVE-2021-34636	28 Sep 202114:15	–	nvd
OSV	CVE-2021-34636	28 Sep 202114:15	–	osv
Patchstack	WordPress Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)	27 Sep 202100:00	–	patchstack
Prion	Cross site request forgery (csrf)	28 Sep 202114:15	–	prion
Vulnrichment	CVE-2021-34636 Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting	28 Sep 202113:53	–	vulnrichment
WPVulnDB	Countdown and CountUp, WooCommerce Sales Timers < 1.5.8 - CSRF to Stored Cross-Site Scripting	27 Sep 202100:00	–	wpvulndb

[
  {
    "enisaIdVendor": [
      {
        "id": "a5c841ed-ea3d-3ee5-9961-ac77a2c43d87",
        "vendor": {
          "name": "wpdevart"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "47a09a3a-f72b-3b40-8997-420abe07a3a7",
        "product": {
          "name": "Countdown and CountUp, WooCommerce Sales Timers"
        },
        "product_version": "1.5.7 ≤1.5.7"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/vulnerability-advisories/
plugins	www.plugins.trac.wordpress.org/changeset/2605523/countdown-wpdevart-extended/trunk/includes/admin/coundown_theme_page.php
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

8.6High risk

Vulners AI Score8.6

CVSS 3.18.8

CVSS 26.8

EPSS0.00109

SSVC