CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

Vulnrichment•added 2025/11/11 3:30 a.m.•2 views

CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS4.8AI score0.00034EPSS

Exploits0References3

Cvelist•added 2025/11/11 3:30 a.m.•5 views

CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4CVSS0.00034EPSS

Exploits0References3

Positive Technologies•added 2025/11/11 12:0 a.m.•3 views

PT-2025-46291

Name of the Vulnerable Software and Affected Versions WP Count Down Timer plugin for WordPress versions up to and including 1.0.1 Description The WP Count Down Timer plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp countdown timer shortcode...

6.4CVSS5.2AI score0.00034EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-48701

Malicious code in bioql PyPI...

6.1CVSS6.6AI score0.002EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-28694

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00126EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 8:19 a.m.•4 views

CVE-2024-10669

The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

4.3CVSS6AI score0.00323EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:19 a.m.•7 views

CVE-2022-45847

Cross-Site Request Forgery CSRF vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting XSS.This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1...

6.1CVSS5.1AI score0.002EPSS

Exploits0References1

Cvelist•added 2025/02/25 2:17 p.m.•9 views

CVE-2025-26938 WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Countdown Timer countdown-time allows Stored XSS.This issue affects Countdown Timer: from n/a through = 1.2.6...

6.5CVSS0.00112EPSS

Exploits0References1

Vulnrichment•added 2025/02/25 2:17 p.m.•3 views

CVE-2025-26938 WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

6.5CVSS8.6AI score0.00112EPSS

Exploits0References1

Vulnrichment•added 2024/12/01 9:29 p.m.•11 views

CVE-2024-53743 WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aezaz Shaikh Countdown Timer for Elementor countdown-timer-for-elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through = 1.3.6...

6.5CVSS8.6AI score0.00156EPSS

Exploits0References1

Patchstack•added 2024/11/08 12:0 a.m.•8 views

WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure

Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...

4.3CVSS6.8AI score0.00323EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/10/28 12:0 a.m.•14 views

WordPress Countdown & Clock Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS)

Software Countdown & Clock Type Plugin Vulnerable versions = 2.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50516 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a62aad6194f2 Credits Hwang Se-yeon Required privilege...

5.9CVSS5.8AI score0.00137EPSS

Exploits0References2Affected Software1

NVD•added 2024/03/27 2:15 p.m.•10 views

CVE-2022-45847

Cross-Site Request Forgery CSRF vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting XSS.This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1...

6.1CVSS6.2AI score0.002EPSS

Exploits0References1

CVE•added 2024/03/27 1:48 p.m.•78 views

CVE-2022-45847

CVE-2022-45847 affects the WordPress Countdown Widget plugin for WordPress. The vulnerability is described as a Cross-Site Request Forgery (CSRF) that leads to Cross-Site Scripting (XSS) and impacts versions from (n/a) through 3.1.9.1. The root cause is CSRF that allows an attacker to induce XSS ...

6.1CVSS5.1AI score0.002EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/03/27 1:48 p.m.•12 views

CVE-2022-45847 WordPress Countdown Widget plugin <= 3.1.9.1 - Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF vulnerability in WPAssist.Me WordPress Countdown Widget allows Cross-Site Scripting XSS.This issue affects WordPress Countdown Widget: from n/a through 3.1.9.1...

6.1CVSS5.1AI score0.002EPSS

Exploits0References1

Positive Technologies•added 2024/03/27 12:0 a.m.•5 views

PT-2024-11724 · WordPress · Wordpress Countdown Widget

Name of the Vulnerable Software and Affected Versions: WordPress Countdown Widget versions 3.1.9.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Cross-Site Scripting XSS. This means an attacker could potentially trick a user into...

6.1CVSS6.2AI score0.002EPSS

Exploits0References4

Patchstack•added 2023/08/16 12:0 a.m.•17 views

WordPress Countdown Timer Ultimate Plugin <= 2.4 is vulnerable to Broken Access Control

Software Countdown Timer Ultimate Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 02b1dc1f96b2 Credits Abdi Pranata Required...

5.8AI score

Exploits0References2Affected Software1

ATTACKERKB•added 2022/04/28 11:30 a.m.•2 views

CVE-2022-29421

Reflected Cross-Site Scripting XSS vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycdtype vulnerable parameter...

6.1CVSS6.1AI score0.0021EPSS

Exploits0References3Affected Software1

Patchstack•added 2022/04/28 12:0 a.m.•35 views

WordPress Countdown & Clock plugin <= 2.4.7 - Pro Features Lock Bypass vulnerability

Pro Features Lock Bypass vulnerability discovered by Ex.Mi Patchstack in WordPress Countdown & Clock plugin versions = 2.4.7. Solution No patched version is available...

9.8CVSS3.5AI score0.00488EPSS

Exploits0References2Affected Software1

CNNVD•added 2021/09/27 12:0 a.m.•2 views

WordPress 插件访问控制错误漏洞

WordPress Plugin is an open source application plugin for WordPress. An Access Control Error vulnerability exists in the WordPress plugin Countdown Block, which arises from a network system or product that does not properly restrict access to resources from unauthorized roles...

4.3CVSS5.1AI score0.0023EPSS

Exploits2References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by