Lucene search
K

4 matches found

Circl
Circl
added 2021/09/28 6:35 p.m.8 views

CVE-2021-34636

creationtimestamp| type| source ---|---|--- 2021-09-28 18:35:57+00:00| seen| https://t.me/cibsecurity/29568...

8.8CVSS8.1AI score0.00605EPSS
Exploits0References1
CVE
CVE
added 2021/09/28 1:53 p.m.43 views

CVE-2021-34636

The CVE-2021-34636 entry concerns the Countdown and CountUp, WooCommerce Sales Timers WordPress plugin. A missing nonce check in the save_theme function (~/includes/admin/coundown_theme_page.php) enables CSRF, allowing injection of arbitrary scripts (stored XSS) in versions up to 1.5.7. Connected...

8.8CVSS8.6AI score0.00605EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2021/09/28 1:53 p.m.8 views

CVE-2021-34636 Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...

8.8CVSS8.6AI score0.00605EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/09/28 1:53 p.m.28 views

CVE-2021-34636 Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...

8.8CVSS8.7AI score0.00605EPSS
Exploits0References2
Rows per page
Query Builder