Lucene search
K

784 matches found

CVE
CVE
added 2026/02/19 8:27 a.m.15 views

CVE-2026-27052

CVE-2026-27052 affects the WordPress plugin VillaTheme Sales Countdown Timer for WooCommerce and WordPress (sctv-sales-countdown-timer) prior to version 1.1.9. The issue is Improper Control of Filename for Include/Require, i.e., a Local File Inclusion vulnerability in the plugin, allowing inclusi...

7.5CVSS5.9AI score0.00316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/19 8:27 a.m.32 views

CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

7.5CVSS0.00316EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

WordPress plugin Sales Countdown Timer for WooCommerce and WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20760

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

5.5AI score0.00316EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/02/10 11:39 a.m.4 views

WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Coming Soon Product with Countdown versions = 5.0...

5.4AI score0.0047EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.7 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2026/02/05 10:16 a.m.5 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00293EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/05 9:13 a.m.33 views

CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00293EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 9:13 a.m.6 views

CVE-2026-1654 Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 9:13 a.m.5 views

CVE-2026-1654

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/02/05 9:13 a.m.20 views

CVE-2026-1654

The Peter’s Date Countdown plugin for WordPress (versions ≤ 2.0.0) is affected by a Reflected Cross‑Site Scripting flaw exposed via the PHP_SELF server parameter. This allows unauthenticated attackers to inject scripts into pages that run when a user is tricked into performing an action (e.g., cl...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/05 9:13 a.m.9 views

EUVD-2026-5549

The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.6AI score0.00293EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/05 7:19 a.m.10 views

WordPress Peter's Date Countdown plugin <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Peter’s Date Countdown versions = 2.0.0...

6.1CVSS5.3AI score0.00293EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.14 views

PT-2026-6053

Name of the Vulnerable Software and Affected Versions Peter's Date Countdown plugin for WordPress versions prior to 2.0.1 Description The Peter's Date Countdown plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output escapin...

6.1CVSS5.8AI score0.00293EPSS
Exploits0References8
Packet Storm
Packet Storm
added 2026/02/05 12:0 a.m.130 views

📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow

D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...

9.8CVSS8.2AI score0.03039EPSS
Exploits3
Patchstack
Patchstack
added 2026/02/03 9:15 a.m.5 views

WordPress IMS Countdown plugin <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin IMS Countdown versions = 1.3.5...

6.4CVSS5.3AI score0.00351EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 1:10 p.m.5 views

WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin Jeg Elementor Kit versions = 2.6.4...

6.4CVSS5.3AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 1:5 p.m.6 views

WordPress The Plus Addons for Elementor plugin <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by Webbernaut in WordPress Plugin The Plus Addons for Elementor Page Builder Lite versions = 5.4.2...

6.4CVSS5.3AI score0.00531EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 9:9 a.m.9 views

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...

6.4CVSS5.3AI score0.00433EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/02 6:44 a.m.6 views

WordPress Royal Elementor Addons and Templates plugin <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Widget vulnerability discovered by zer0gh0st in WordPress Plugin Royal Elementor Addons versions = 1.7.1001...

6.4CVSS7.3AI score0.00399EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder