3 matches found
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
WordPress The Countdown plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via clientId Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin The Countdown – Block Countdown Timer versions = 2.0.1...