EUVD-2022-34523

Malicious code in bioql PyPI...

CVE-2022-2245

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

CVE-2024-13901 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting

The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This...

CVE-2024-13901 Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting

The Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This...

WordPress plugin Counter Box 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-24715 WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through = 2.0.5...

CVE-2025-24715

CVE-2025-24715 pertains to the WordPress Counter Box plugin. A CSRF in Counter Box (versions

WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Counter Box versions = 2.0.5...

WordPress plugin Counter Box 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

WordPress Counter Box plugin < 1.2.4 - Counter Deletion via CSRF vulnerability

Counter Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Counter Box versions 1.2.4...

CVE-2024-3481

The Counter Box WordPress plugin before 1.2.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks...

PT-2024-26206 · WordPress · Counter Box

Name of the Vulnerable Software and Affected Versions: The Counter Box WordPress plugin versions prior to 1.2.4 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting counte...

Counter Box < 1.2.4 - Counter Deletion via CSRF

Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

CVE-2022-2245

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

PT-2022-15439 · WordPress · Counter Box

Name of the Vulnerable Software and Affected Versions: The Counter Box WordPress plugin versions prior to 1.2.1 Description: The issue is related to a lack of CSRF check when activating and deactivating counters. This could allow attackers to make a logged-in admin perform such actions via CSRF...

CVE-2022-29446

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress...

CVE-2022-29446

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress...

Design/Logic Flaw

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress...

CVE-2022-29446 WordPress Counter Box plugin <= 1.1.1 - Authenticated Local File Inclusion (LFI) vulnerability

Authenticated administrator or higher role Local File Inclusion LFI vulnerability in Wow-Company's Counter Box plugin = 1.1.1 at WordPress...