71 matches found

Patchstack
added 2025/02/24 3:13 p.m. | 2 views

WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Smart Maintenance & Countdown versions <= 1.2...

CVSS 7.1 | AI score 6.2 | EPSS 0.00131
Exploits 0 | Affected Software 1
Cvelist
added 2025/02/24 2:49 p.m. | 14 views

CVE-2025-27332 WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through <= 1.2...

CVSS 7.1 | EPSS 0.00131
Exploits 0 | References 1
Patchstack
added 2025/01/24 11:47 a.m. | 5 views

WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Widget Countdown versions <= 2.7.1...

CVSS 6.5 | AI score 6.1 | EPSS 0.00287
Exploits 0 | Affected Software 1
Patchstack
added 2025/01/16 6:42 p.m. | 3 views

WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Yet Another Countdown versions <= 1.0.1...

CVSS 6.5 | AI score 6.1 | EPSS 0.00357
Exploits 0 | Affected Software 1
CVE
added 2025/01/09 3:38 p.m. | 46 views

CVE-2025-22822

CVE-2025-22822 is a stored XSS vulnerability affecting the WordPress plugin wp-custom-countdown (Bishawjit Das) up to version 2.8, attributed to improper input neutralization during web page generation. Public references in the connected documents confirm the plugin and vulnerability class, but n...

CVSS 6.5 | AI score 7.2 | EPSS 0.00206
Exploits 0 | References 1
CNNVD
added 2025/01/09 12:0 a.m. | 4 views

WordPress plugin wp custom countdown cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 | AI score 7.6 | EPSS 0.00206
Exploits 0 | References 1
CVE
added 2024/12/14 4:23 a.m. | 42 views

CVE-2024-11755

IMS Countdown for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the Countdown post settings due to insufficient input sanitization and output escaping. Affected versions include all up to 1.3.4 (some sources reference

CVSS 6.4 | AI score 7.4 | EPSS 0.00351
Exploits 0 | References 3
Vulnrichment
added 2024/12/14 4:23 a.m. | 8 views

CVE-2024-11755 IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 7.4 | EPSS 0.00351
Exploits 0 | References 3
CVE
added 2024/10/30 2:4 a.m. | 55 views

CVE-2024-9884

The CVE concerns the WordPress plugin T(-) Countdown. A stored XSS flaw exists via the plugin’s tminus shortcode in all versions up to 2.4.8, caused by insufficient input sanitization and output escaping on user-supplied attributes. It affects authenticated users with contributor-level access and...

CVSS 6.4 | AI score 5.7 | EPSS 0.00337
Exploits 0 | References 3
CNNVD
added 2024/10/30 12:0 a.m. | 3 views

WordPress plugin T(-) Countdown cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVSS 6.4 | AI score 5.9 | EPSS 0.00337
Exploits 0 | References 3
Patchstack
added 2024/10/29 12:0 a.m. | 13 views

WordPress T(-) Countdown Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)

Software: T(-) Countdown; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9884; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5d3f1a528362; Credits: theviper17y; Required privileg...

CVSS 6.4 | AI score 6 | EPSS 0.00337
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2024/06/21 7:15 a.m. | 5 views

WordPress CSSable Countdown plugin <= 1.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin CSSable Countdown versions <= 1.5...

CVSS 6.1 | AI score 6.1 | EPSS 0.00354
Exploits 2 | References 1 | Affected Software 1
OSV
added 2024/06/21 6:15 a.m. | 6 views

CVE-2024-4384

The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...

CVSS 4.8 | AI score 5.8 | EPSS 0.00354
Exploits 2 | References 1
Patchstack
added 2024/06/21 12:0 a.m. | 13 views

WordPress CSSable Countdown Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)

Software: CSSable Countdown; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4384; Patch priority: Low; CVSS severity: Low 5.9; PSID: 5ddf21dac862; Credits: Bob Matyas; Required...

CVSS 6.1 | AI score 5.7 | EPSS 0.00354
Exploits 2 | References 3 | Affected Software 1
OSV
added 2024/06/06 3:15 a.m. | 5 views

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVSS 5.4 | AI score 5.8 | EPSS 0.00317
Exploits 0 | References 5
NVD
added 2024/06/06 3:15 a.m. | 17 views

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVSS 5.4 | AI score 5.2 | EPSS 0.00317
Exploits 0 | References 5
CVE
added 2024/06/06 2:38 a.m. | 58 views

CVE-2024-2017

CVE-2024-2017 (Countdown, Coming Soon, Maintenance – Countdown & Clock) affects WordPress plugin Countdown Builder on all versions up to 2.7.8. Red Hat’s security entry confirms an unauthorized access flaw caused by a missing capability check in the conditionsRow and switchCountdown functions, al...

CVSS 5.4 | AI score 5.6 | EPSS 0.00317
Exploits 0 | References 5 | Affected Software 1
CNNVD
added 2024/06/06 12:0 a.m. | 4 views

WordPress plugin Countdown, Coming Soon, Maintenance - Countdown & Clock security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Countdown, Coming...

CVSS 5.4 | AI score 6.6 | EPSS 0.00317
Exploits 0 | References 6
Positive Technologies
added 2024/06/05 12:0 a.m. | 4 views

PT-2024-18629 · WordPress · Countdown

Name of the Vulnerable Software and Affected Versions: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8 Description: The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing...

CVSS 5.4 | AI score 7.1 | EPSS 0.00317
Exploits 0 | References 12
NVD
added 2023/10/20 7:15 a.m. | 12 views

CVE-2022-4954

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...

CVSS 5.5 | AI score 5.1 | EPSS 0.00332
Exploits 0 | References 2