5 matches found
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...
PT-2023-27196 · WordPress · The Waiting
Name of the Vulnerable Software and Affected Versions: The Waiting: One-click countdowns plugin for WordPress versions up to, and including, 0.6.2 Description: The issue is related to authorization bypass due to missing capability checks on AJAX calls. This allows authenticated attackers with...
PT-2023-27200 · WordPress · The Waiting
Name of the Vulnerable Software and Affected Versions: The Waiting: One-click countdowns plugin for WordPress versions up to, and including, 0.6.2 Description: The issue is due to missing or incorrect nonce validation on its AJAX actions, making it possible for unauthenticated attackers to create...
CVE-2023-2757
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This...
PT-2023-21213 · WordPress · The Waiting
Name of the Vulnerable Software and Affected Versions: The Waiting: One-click countdowns plugin for WordPress versions up to, and including, 0.6.2 Description: The issue is related to authorization bypass due to a missing capability check on saveLang functions. This could lead to Cross-Site...