The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and...
5.3CVSS
7AI Score
0.0004EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2...
4.8CVSS
6.1AI Score
0.0004EPSS
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF...
8.8CVSS
8.6AI Score
0.001EPSS
A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...
5.4CVSS
7AI Score
0.001EPSS
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions...
8.8CVSS
8.5AI Score
0.001EPSS