Lucene search
K

71 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-51644

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00394EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-50179

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00337EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/28 3:21 a.m.13 views

CVE-2025-5929

The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS6AI score0.00198EPSS
Exploits0References1
OSV
OSV
added 2025/06/26 3:15 a.m.3 views

CVE-2025-5929

The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

5.4CVSS5.9AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 2025/06/26 3:15 a.m.9 views

CVE-2025-5929

The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS0.00198EPSS
Exploits0References3
CVE
CVE
added 2025/06/26 2:22 a.m.27 views

CVE-2025-5929

CVE-2025-5929 – The Countdown WordPress plugin is reported to have a Stored Cross-Site Scripting vulnerability via the clientId parameter in versions up to and including 2.0.1. The vulnerability requires authentication at Contributor level or higher, and could allow an attacker to inject scripts ...

6.4CVSS5.9AI score0.00198EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/26 2:22 a.m.4 views

CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter

The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...

6.4CVSS5.9AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26928 · WordPress · Countdown

Name of the Vulnerable Software and Affected Versions: Countdown plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the clientId parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS6.3AI score0.00198EPSS
Exploits0References10
CNNVD
CNNVD
added 2025/06/26 12:0 a.m.4 views

WordPress plugin The Countdown 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.6AI score0.00198EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.21 views

CVE-2024-4384

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS5.6AI score0.00354EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 7:2 a.m.7 views

CVE-2024-11755

The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS7.4AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.7 views

CVE-2023-47533

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin = 1.8.2 versions...

5.9CVSS5.6AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:19 a.m.15 views

CVE-2022-3837

The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.6AI score0.0047EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:31 a.m.7 views

CVE-2022-4954

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

5.5CVSS5.8AI score0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/17 3:47 p.m.15 views

CVE-2025-32578 WordPress Coming Soon Countdown Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through = 2.2...

7.1CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2025/04/04 6:15 a.m.32 views

CVE-2025-2270

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...

8.1CVSS0.01165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/04 5:22 a.m.6 views

CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...

8.1CVSS7.8AI score0.01165EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.4 views

WordPress plugin Countdown, Coming Soon, Maintenance 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...

8.1CVSS8.5AI score0.01165EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.5 views

PT-2025-14848 · WordPress · Countdown

Name of the Vulnerable Software and Affected Versions: Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.8.9.1 Description: The issue allows unauthenticated attackers to include and execute files with specific filenames on the server,...

8.1CVSS9AI score0.01165EPSS
Exploits0References10
Patchstack
Patchstack
added 2025/04/03 9:52 p.m.9 views

WordPress Countdown & Clock plugin <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion vulnerability

Unauthenticated Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin Countdown & Clock versions = 2.8.9.1...

8.1CVSS8.3AI score0.01165EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder