Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Xu-Liang Liao in WordPress Countdown and CountUp, WooCommerce Sales Timer plugin (versions <= 1.5.7).
Update the WordPress Countdown and CountUp, WooCommerce Sales Timer plugin to the latest available version (at least 1.5.8).
CPE | Name | Operator | Version |
---|---|---|---|
countdown and countup, woocommerce sales timer | le | 1.5.7 |