23 matches found
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...
EUVD-2025-60939
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...
CVE-2025-12665 Ninja Countdown <= 1.5.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Countdown Deletion
The Ninja Countdown | Fastest Countdown Builder plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ninjacountdownadminajax' AJAX endpoint in all versions up to, and including, 1.5.0. This makes it possible for authenticated attackers, with...
PT-2025-46289
Name of the Vulnerable Software and Affected Versions Ninja Countdown | Fastest Countdown Builder plugin for WordPress versions through 1.5.0 Description The plugin is susceptible to unauthorized data loss because of a missing capability check on the 'ninja countdown admin ajax' API endpoint...
EUVD-2021-11976
Malware in sbrugna...
EUVD-2023-53895
Malicious code in bioql PyPI...
EUVD-2023-32320
Malicious code in bioql PyPI...
CVE-2021-25064
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection...
WordPress Plugin Waiting: One-click countdowns Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Waiting: One-click...
CVE-2023-4000
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...
CVE-2023-4000 Waiting: One-click countdowns <= 0.6.2 - Cross-Site Request Forgery
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...
WordPress plugin Waiting: One-click countdowns 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin Waiting: One-click countdowns 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Plugin One-click countdowns 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2757 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e454859cceb Credits István...
WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to SQL Injection
Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28659 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID bd389c037bcc Credits Joshua Martinelle Tenable Research...
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin, version = 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbcdownmetaid parameter of the pbcsavedowns action...
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin, version = 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbcdownmetaid parameter of the pbcsavedowns action...
Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi
The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web...
CVE-2021-25064
Consolidated details for CVE-2021-25064 show: affected product is the WordPress Wow Countdowns plugin up to version 3.1.2. The root cause is improper sanitization of the did parameter, which is directly used in a SQL statement, resulting in an authenticated SQL Injection. Exploitation evidence ap...