CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-12668 WP Count Down Timer <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Count Down Timer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters of the 'wpcountdowntimer' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2025-46291

Name of the Vulnerable Software and Affected Versions WP Count Down Timer plugin for WordPress versions up to and including 1.0.1 Description The WP Count Down Timer plugin for WordPress is susceptible to Stored Cross-Site Scripting through multiple parameters of the wp countdown timer shortcode...

CVE-2024-10669

The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the ctb shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated...

CVE-2025-26938 WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Countdown Timer countdown-time allows Stored XSS.This issue affects Countdown Timer: from n/a through = 1.2.6...

CVE-2025-26938 WordPress Countdown Timer block plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Countdown Timer countdown-time allows Stored XSS.This issue affects Countdown Timer: from n/a through = 1.2.6...

CVE-2024-53743 WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aezaz Shaikh Countdown Timer for Elementor countdown-timer-for-elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through = 1.3.6...

WordPress Countdown Timer Plugin <= 1.2.4 is vulnerable to Sensitive Data Exposure

Software Countdown Timer Type Plugin Vulnerable versions = 1.2.4 Fixed in 1.2.5 OWASP Top 10 A3: Injection Classification Sensitive Data Exposure CVE CVE-2024-10669 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 97d2e3a5c021 Credits Francesco Carlucci Required privilege...

WordPress Countdown Timer Ultimate Plugin <= 2.4 is vulnerable to Broken Access Control

Software Countdown Timer Ultimate Type Plugin Vulnerable versions = 2.4 Fixed in 2.4.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 02b1dc1f96b2 Credits Abdi Pranata Required...