71 matches found
EUVD-2023-51644
Malicious code in bioql PyPI...
EUVD-2024-50179
Malicious code in bioql PyPI...
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929
CVE-2025-5929 – The Countdown WordPress plugin is reported to have a Stored Cross-Site Scripting vulnerability via the clientId parameter in versions up to and including 2.0.1. The vulnerability requires authentication at Contributor level or higher, and could allow an attacker to inject scripts ...
CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
PT-2025-26928 · WordPress · Countdown
Name of the Vulnerable Software and Affected Versions: Countdown plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the clientId parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin The Countdown 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-4384
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11755
The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2023-47533
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin = 1.8.2 versions...
CVE-2022-3837
The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4954
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
CVE-2025-32578 WordPress Coming Soon Countdown Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mapro Collins Coming Soon Countdown coming-soon-countdown allows Reflected XSS.This issue affects Coming Soon Countdown: from n/a through = 2.2...
CVE-2025-2270
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...
CVE-2025-2270 Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific...
WordPress plugin Countdown, Coming Soon, Maintenance 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...
PT-2025-14848 · WordPress · Countdown
Name of the Vulnerable Software and Affected Versions: Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.8.9.1 Description: The issue allows unauthenticated attackers to include and execute files with specific filenames on the server,...
WordPress Countdown & Clock plugin <= 2.8.9.1 - Unauthenticated Limited Local File Inclusion vulnerability
Unauthenticated Limited Local File Inclusion vulnerability discovered by mikemyers in WordPress Plugin Countdown & Clock versions = 2.8.9.1...