CVE-2024-13113
The CVE describes a stored XSS risk in the WordPress plugin Countdown Timer for Elementor (prior to version 1.3.7). The root cause is insufficient sanitisation/escaping of certain parameters when they are output on the page, enabling users with as little as a contributor role to inject scripts. A...