4 matches found
EUVD-2021-21286
Malware in sbrugna...
CVE-2021-34636
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...
CVE-2021-34636 Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the savetheme function found in the /includes/admin/coundownthemepage.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up t...
CVE-2021-34636
The CVE-2021-34636 entry concerns the Countdown and CountUp, WooCommerce Sales Timers WordPress plugin. A missing nonce check in the save_theme function (~/includes/admin/coundown_theme_page.php) enables CSRF, allowing injection of arbitrary scripts (stored XSS) in versions up to 1.5.7. Connected...