CVE-2022-4954
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
WordPress Waiting: One-click Countdowns Plugin <= 0.6.2 SQLi Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:plugin:waiting"; if description...
PT-2023-27196 · WordPress · The Waiting
Name of the Vulnerable Software and Affected Versions: The Waiting: One-click countdowns plugin for WordPress versions up to, and including, 0.6.2 Description: The issue is related to authorization bypass due to missing capability checks on AJAX calls. This allows authenticated attackers with...
CVE-2023-2757
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This...
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin (versions