2 matches found
PT-2023-27196 · WordPress · The Waiting
Name of the Vulnerable Software and Affected Versions: The Waiting: One-click countdowns plugin for WordPress versions up to, and including, 0.6.2 Description: The issue is related to authorization bypass due to missing capability checks on AJAX calls. This allows authenticated attackers with...
CVE-2023-2757
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This...