154 matches found
CVE-2025-4783
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4783
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4783
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4783 Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4783 Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.1 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4783
CVE-2025-4783 concerns the WordPress plugin Exclusive Addons for Elementor. It describes a Stored Cross-Site Scripting vulnerability in the Countdown Timer Widget present in all versions up to 2.7.9.1, caused by insufficient input sanitization and output escaping. The issue allows authenticated a...
PT-2025-22909 · WordPress · Exclusive Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.7.9.1 Description: The issue is related to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget due to insufficient input...
CVE-2024-4209
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-10669
The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...
CVE-2024-53743
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aezaz Shaikh Countdown Timer for Elementor countdown-timer-for-elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through = 1.3.6...
CVE-2020-36526
A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2024-10631
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
WordPress Countdown Timer plugin <= 1.0.5 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Sakotas in WordPress Plugin Countdown Timer versions = 1.0.5...
CVE-2024-10631
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-10631
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-10631 Countdown Timer <= 1.0.5 - Contributor+ Stored XSS
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2024-10631 Countdown Timer <= 1.0.5 - Contributor+ Stored XSS
The Countdown Timer for WordPress Block Editor WordPress plugin through 1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
WordPress plugin Countdown Timer for WordPress Block Editor 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2025-21405 · WordPress · Countdown Timer For Wordpress Block Editor
Name of the Vulnerable Software and Affected Versions: Countdown Timer for WordPress Block Editor version 1.0.5 Description: The issue concerns the Countdown Timer for WordPress Block Editor plugin, which does not validate and escape some of its block options before outputting them back in a page...
CVE-2024-11180
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekitcountdowntimertitle parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for...