5 matches found
CVE-2023-28659
The Waiting: One-click Countdowns WordPress Plugin (versions
CVE-2023-2757
CVE-2023-2757 concerns Waiting: One-click countdowns for WordPress. A missing capability check on saveLang in versions up to 0.6.2 allows an authorization bypass, giving subscriber-level access to plugin data and potentially stored XSS. The Wordfence writeup states the vulnerability is currently ...
CVE-2022-4954
The CVE concerns the WordPress plugin Waiting: One-click countdowns (versions up to and including 0.6.2). The root cause is insufficient input sanitization and output escaping in the Countdown name, enabling Stored Cross‑Site Scripting. Exploitation requires an attacker with administrator-level perm...
CVE-2023-3999
CVE-2023-3999 affects The Waiting: One-click countdowns plugin for WordPress. The issue is an authorization bypass caused by missing capability checks on AJAX calls in versions up to and including 0.6.2. This allows authenticated attackers with subscriber-level permissions and above to create and...
CVE-2023-4000
CVE-2023-4000 concerns the WordPress plugin Waiting: One-click countdowns (≤ 0.6.2). The root cause is missing or incorrect nonce validation on AJAX actions, enabling CSRF and allowing unauthenticated attackers to create or delete countdowns if a site admin is tricked into performing an action (e...