71 matches found
WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Smart Maintenance & Countdown versions <= 1.2...
CVE-2025-27332 WordPress Smart Maintenance & Countdown Plugin <= 1.2 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in gmnazmul Smart Maintenance & Countdown smart-maintenance-countdown allows Stored XSS. This issue affects Smart Maintenance & Countdown: from n/a through <= 1.2...
WordPress Widget Countdown plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Peter Thaleikis in WordPress Plugin Widget Countdown versions <= 2.7.1...
WordPress Yet Another Countdown Plugin plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin Yet Another Countdown versions <= 1.0.1...
CVE-2025-22822
CVE-2025-22822 is a stored XSS vulnerability affecting the WordPress plugin wp-custom-countdown (Bishawjit Das) up to version 2.8, attributed to improper input neutralization during web page generation. Public references in the connected documents confirm the plugin and vulnerability class, but n...
WordPress plugin wp custom countdown cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-11755
IMS Countdown for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the Countdown post settings due to insufficient input sanitization and output escaping. Affected versions include all up to 1.3.4 (some sources reference
CVE-2024-11755 IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-9884
The CVE concerns the WordPress plugin T(-) Countdown. A stored XSS flaw exists via the plugin’s tminus shortcode in all versions up to 2.4.8, caused by insufficient input sanitization and output escaping on user-supplied attributes. It affects authenticated users with contributor-level access and...
WordPress plugin T(-) Countdown cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress T(-) Countdown Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: T(-) Countdown; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9884; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5d3f1a528362; Credits: theviper17y; Required privileg...
WordPress CSSable Countdown plugin <= 1.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin CSSable Countdown versions <= 1.5...
CVE-2024-4384
The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress CSSable Countdown Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software: CSSable Countdown; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4384; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5ddf21dac862; Credits: Bob Matyas; Required...
CVE-2024-2017
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...
CVE-2024-2017
CVE-2024-2017 (Countdown, Coming Soon, Maintenance – Countdown & Clock) affects WordPress plugin Countdown Builder on all versions up to 2.7.8. Red Hat’s security entry confirms an unauthorized access flaw caused by a missing capability check in the conditionsRow and switchCountdown functions, al...
WordPress plugin Countdown, Coming Soon, Maintenance - Countdown & Clock security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Countdown, Coming...
PT-2024-18629 · WordPress · Countdown
Name of the Vulnerable Software and Affected Versions: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8 Description: The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing...
CVE-2022-4954
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...