Lucene search

Countdown Builder Security Vulnerabilities - November

cve

CVE-2022-29420

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.

5.9CVSS

5.2AI Score

0.001EPSS

2022-05-06 05:15 PM

cve

CVE-2022-29421

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.

6.1CVSS

6AI Score

0.001EPSS

2022-05-06 05:15 PM

cve

CVE-2022-29422

Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &...

4.8CVSS

5.1AI Score

0.001EPSS

2022-05-06 06:15 PM

cve

CVE-2022-29423

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.

9.8CVSS

9.4AI Score

0.002EPSS

2022-05-06 06:15 PM

cve

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers,...

5.4CVSS

6.4AI Score

0.001EPSS

2024-06-06 03:15 AM