CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

154 matches found

Patchstack•added 2026/04/14 11:37 a.m.•2 views

WordPress Countdown Timer Ultimate plugin <= 2.6.9 - Backdoor vulnerability

Backdoor vulnerability discovered by ? in WordPress Plugin Countdown Timer Ultimate versions = 2.6.9...

5.8AI score

Exploits0References1Affected Software1

RedhatCVE•added 2026/02/20 1:26 p.m.•1 views

CVE-2026-27052

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in villatheme Sales Countdown Timer for WooCommerce and WordPress sctv-sales-countdown-timer allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce...

7.5CVSS5.9AI score0.0017EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•2 views

CVE-2026-27052

7.5CVSS0.0017EPSS

Exploits0References1

Cvelist•added 2026/02/19 8:27 a.m.•27 views

CVE-2026-27052 WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability

7.5CVSS0.0017EPSS

Exploits0References1

CVE•added 2026/02/19 8:27 a.m.•8 views

CVE-2026-27052

CVE-2026-27052 affects the WordPress plugin VillaTheme Sales Countdown Timer for WooCommerce and WordPress (sctv-sales-countdown-timer) prior to version 1.1.9. The issue is Improper Control of Filename for Include/Require, i.e., a Local File Inclusion vulnerability in the plugin, allowing inclusi...

7.5CVSS5.9AI score0.0017EPSS

Exploits0References1

ATTACKERKB•added 2026/02/19 8:27 a.m.•1 views

CVE-2026-27052

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in VillaTheme Sales Countdown Timer for WooCommerce and WordPress allows PHP Local File Inclusion.This issue affects Sales Countdown Timer for WooCommerce and WordPress: from n/a...

7.5CVSS5.8AI score0.0017EPSS

Exploits0References3

CNNVD•added 2026/02/19 12:0 a.m.•4 views

WordPress plugin Sales Countdown Timer for WooCommerce and WordPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.8AI score0.0017EPSS

Exploits0References2

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20760

5.5AI score0.0017EPSS

Exploits0References1

Patchstack•added 2026/02/02 9:9 a.m.•4 views

WordPress Gutenberg Blocks by Kadence Blocks plugin <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Countdown Timer vulnerability discovered by Webbernaut in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.2.36...

6.4CVSS5.3AI score0.00284EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/13 10:53 p.m.•2 views

CVE-2025-14555

The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevartcountdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5AI score0.00059EPSS

Exploits0References1

Patchstack•added 2026/01/12 1:6 p.m.•5 views

WordPress Sales Countdown Timer for WooCommerce and WordPress plugin <= 1.1.8.1 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Sales Countdown Timer for WooCommerce and WordPress versions = 1.1.8.1...

7.5CVSS5.5AI score0.0017EPSS

Exploits0Affected Software1

NVD•added 2026/01/10 1:15 p.m.•4 views

CVE-2025-14555

6.4CVSS0.00059EPSS

Exploits0References5

Vulnrichment•added 2026/01/10 12:23 p.m.•1 views

CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS4.7AI score0.00059EPSS

Exploits0References5

EUVD•added 2026/01/10 12:23 p.m.•1 views

EUVD-2026-1847

6.4CVSS4.6AI score0.00059EPSS

Exploits0References7

Cvelist•added 2026/01/10 12:23 p.m.•20 views

CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4CVSS0.00059EPSS

Exploits0References5

CVE•added 2026/01/10 12:23 p.m.•10 views

CVE-2025-14555

CVE-2025-14555 affects the WordPress plugin “Countdown Timer – Widget Countdown.” The vulnerability is a stored XSS via the plugin’s shortcode wpdevart_countdown in versions up to 2.7.7, caused by insufficient input sanitization and output escaping on user-supplied shortcode attributes. The impac...

6.4CVSS4.7AI score0.00059EPSS

Exploits0References5

Positive Technologies•added 2026/01/10 12:0 a.m.•2 views

PT-2026-1745

Name of the Vulnerable Software and Affected Versions Countdown Timer – Widget Countdown plugin for WordPress versions prior to 2.7.8 Description The plugin is susceptible to Stored Cross-Site Scripting through the 'wpdevart countdown' shortcode due to inadequate input sanitization and output...

6.4CVSS5.8AI score0.00059EPSS

Exploits0References10

CNNVD•added 2026/01/10 12:0 a.m.•1 views

WordPress plugin Countdown Timer – Widget Countdown 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.9AI score0.00059EPSS

Exploits0References6

RedhatCVE•added 2026/01/09 8:47 a.m.•3 views

CVE-2025-23699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in techmix Event Countdown Timer Plugin by TechMix event-countdown-timer allows Reflected XSS.This issue affects Event Countdown Timer Plugin by TechMix: from n/a through = 1.4...

7.1CVSS7.2AI score0.00206EPSS

Exploits0References1

RedhatCVE•added 2025/11/12 3:46 a.m.•7 views

CVE-2025-12668

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.1AI score0.00031EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by