Lucene search
K

154 matches found

NVD
NVD
added 2024/11/09 5:15 a.m.9 views

CVE-2024-10669

The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

4.3CVSS0.003EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/09 4:32 a.m.7 views

CVE-2024-10669 Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure

The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

4.3CVSS6.7AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2024/11/09 4:32 a.m.43 views

CVE-2024-10669

CVE-2024-10669 affects the WordPress plugin “Countdown Timer block – Display the event’s date into a timer.” The issue is Information Exposure via the [ctb] shortcode in all versions up to and including 1.2.4, allowing authenticated users with Contributor-level access or higher to retrieve data f...

4.3CVSS4.4AI score0.003EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/09 4:32 a.m.15 views

CVE-2024-10669 Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure

The Countdown Timer block – Display the events date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

4.3CVSS0.003EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/09 12:0 a.m.6 views

WordPress plugin Countdown Timer block 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.1AI score0.003EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/08 10:45 p.m.4 views

WordPress Countdown Timer plugin <= 1.2.4 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Countdown Timer versions = 1.2.4...

4.3CVSS7AI score0.003EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/08 12:0 a.m.4 views

PT-2024-16445 · WordPress · Countdown Timer Block Plugin

Name of the Vulnerable Software and Affected Versions: Countdown Timer block plugin for WordPress versions up to, and including, 1.2.4 Description: The Countdown Timer block plugin for WordPress has an Information Exposure issue due to insufficient restrictions on which posts can be included via...

4.3CVSS7.2AI score0.003EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/11/08 12:0 a.m.10 views

WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure

Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...

4.3CVSS6.8AI score0.003EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/14 3:43 p.m.4 views

CVE-2024-4209

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

5.4CVSS6AI score0.00433EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.4 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.1AI score0.00433EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/05/11 1:56 a.m.19 views

CVE-2024-4209 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the countdown timer in all versions up to, and including, 3.2.36 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00433EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/11 12:0 a.m.5 views

PT-2024-29744 · Kadence Wp · Gutenberg Blocks With Ai By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress versions up to, and including, 3.2.36 Description: The issue is related to Stored Cross-Site Scripting via the countdown timer due to insufficient input...

6.4CVSS6.2AI score0.00433EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.5 views

PT-2024-17933 · Grafana · Grafana

Name of the Vulnerable Software and Affected Versions: Countdown Timer for Elementor WordPress plugin versions prior to 1.3.7 Description: The issue concerns the Countdown Timer for Elementor WordPress plugin, where versions prior to 1.3.7 do not properly sanitise and escape some parameters when...

5.9CVSS5.8AI score0.0031EPSS
Exploits1References5
NVD
NVD
added 2024/03/13 4:15 p.m.16 views

CVE-2024-1413

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-1413

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00423EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/13 3:27 p.m.30 views

CVE-2024-1413 Exclusive Addons for Elementor <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00423EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 3:27 p.m.52 views

CVE-2024-1413

CVE-2024-1413 affects Exclusive Addons for Elementor (WordPress). Vulnerable in Countdown Timer widget through Stored XSS in all versions up to 2.6.9 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access (contributor+) and can cause script executio...

6.4CVSS6.1AI score0.00423EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.3 views

WordPress Plugin Exclusive Addons for Elementor Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2024-18023 · WordPress · Exclusive Addons For Elementor

Name of the Vulnerable Software and Affected Versions: Exclusive Addons for Elementor plugin for WordPress versions up to, and including, 2.6.9 Description: The issue is related to Stored Cross-Site Scripting via the Countdown Timer widget due to insufficient input sanitization and output escapin...

6.4CVSS7.9AI score0.00423EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.12 views

Exclusive Addons for Elementor < 2.6.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget

Description The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder