WordPress plugin HurryTimer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Countdown Timer – Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevartcountdown' shortcode in all versions up to, and including, 2.7.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

WordPress plugin Countdown Timer – Widget Countdown 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

Malicious code in @posthog/event-sequence-timer-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector db26ed26bc40e436602c36fa1c507d324e650f5aeba5a15875e59daadc8a5a14 The package @posthog/event-sequence-timer-plugin was found to contain malicious code. Source: google-open-source-security...

CVE-2025-49908

CVE-2025-49908 affects WPClever WPC Countdown Timer for WooCommerce (plugin: wpc-countdown-timer). Versions up to and including 3.1.4 suffer from improper input neutralization during web page generation, enabling Stored Cross-Site Scripting (XSS). Impact per the sources is stored XSS impacting us...

EUVD-2025-3355

Malicious code in bioql PyPI...

CVE-2025-9519

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

CVE-2025-9519 Easy Timer <= 4.2.1 - Authenticated (Editor+) Remote Code Execution via Shortcode

The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and...

PT-2025-35869

Name of the Vulnerable Software and Affected Versions: Easy Timer plugin for WordPress versions prior to 4.2.2 Description: The Easy Timer plugin for WordPress is susceptible to Remote Code Execution through its shortcodes. This is caused by inadequate restriction of shortcode attributes,...

CVE-2024-13864

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13864

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13864 Countdown Timer <= 1.0 - Reflected XSS

The Countdown Timer WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress plugin Countdown Timer 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2024-13735

The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible...

WordPress Countdown Timer plugin <= 1.2.4 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Countdown Timer versions = 1.2.4...

PT-2024-39165 · WordPress · The Hurrytimer

Name of the Vulnerable Software and Affected Versions: The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin versions up to, and including, 2.10.0 Description: The issue allows authenticated attackers with contributor-level access and above to publish arbitra...

PT-2024-17933 · Grafana · Grafana

Name of the Vulnerable Software and Affected Versions: Countdown Timer for Elementor WordPress plugin versions prior to 1.3.7 Description: The issue concerns the Countdown Timer for Elementor WordPress plugin, where versions prior to 1.3.7 do not properly sanitise and escape some parameters when...

CVE-2023-47533

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin = 1.8.2 versions...

WordPress 插件跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. Countdown and CountUp WooCommerce Sales Timer...