784 matches found
CVE-2026-27052
CVE-2026-27052 affects the WordPress plugin VillaTheme Sales Countdown Timer for WooCommerce and WordPress (sctv-sales-countdown-timer) prior to version 1.1.9. The issue is Improper Control of Filename for Include/Require, i.e., a Local File Inclusion vulnerability in the plugin, allowing inclusi...
CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...
WordPress plugin Sales Countdown Timer for WooCommerce and WordPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-20760
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...
WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Coming Soon Product with Countdown versions = 5.0...
CVE-2026-1654
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1654
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1654
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-1654
The Peter’s Date Countdown plugin for WordPress (versions ≤ 2.0.0) is affected by a Reflected Cross‑Site Scripting flaw exposed via the PHP_SELF server parameter. This allows unauthenticated attackers to inject scripts into pages that run when a user is tricked into performing an action (e.g., cl...
EUVD-2026-5549
The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress Peter's Date Countdown plugin <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability
Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Peter’s Date Countdown versions = 2.0.0...
PT-2026-6053
Name of the Vulnerable Software and Affected Versions Peter's Date Countdown plugin for WordPress versions prior to 2.0.1 Description The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escapin...
📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow
D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...
WordPress IMS Countdown plugin <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin IMS Countdown versions = 1.3.5...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...
WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...
WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...
WordPress Royal Elementor Addons and Templates plugin <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...