CVE-2023-4000

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to create and delete countdown...

EUVD-2023-53895

Malicious code in bioql PyPI...

EUVD-2023-32320

Malicious code in bioql PyPI...

WordPress Plugin Waiting: One-click countdowns Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Waiting: One-click...

WordPress plugin Waiting: One-click countdowns 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress Plugin One-click countdowns 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)

Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2757 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 5e454859cceb Credits István...

WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to SQL Injection

Software Waiting: One-click countdowns Type Plugin Vulnerable versions = 0.6.2 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28659 Patch priority High CVSS severity High 8.5 Developer Claim ownership PSID bd389c037bcc Credits Joshua Martinelle Tenable Research...

CVE-2023-28659

The Waiting: One-click Countdowns WordPress Plugin, version = 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbcdownmetaid parameter of the pbcsavedowns action...

Waiting: One-click Countdowns <= 0.6.2 - Subscriber+ SQLi

The plugin does not properly sanitise and escape the pbcdownmetaid parameter before using it in a SQL statement via the pbcsavedowns AJAX action, leading to a SQL injection exploitable by any authenticated users, such as subscriber PoC Run the below command in the developer console of the web...