
Source: patchstack
Reporter: Xu-Liang Liao
ID: PATCHSTACK:0E4FEF6C3ED9C3DFB5F33B69A4ACA386
History: Sep 27, 2021 - 12:00 a.m.

WordPress Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)

2021-09-27 00:00:00
Xu-Liang Liao
patchstack.com

EPSS: 0.001 Low

Percentile: 41.2%

A Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) was discovered by Xu-Liang Liao in the WordPress Countdown and CountUp, WooCommerce Sales Timer plugin (versions <= 1.5.7).

Solution

Update the WordPress Countdown and CountUp, WooCommerce Sales Timer plugin to the latest available version (at least 1.5.8).
