2 matches found
CVE-2023-47533
CVE-2023-47533 affects the WordPress plugin Countdown and CountUp, WooCommerce Sales Timer (
CVE-2021-34636
The CVE-2021-34636 entry concerns the Countdown and CountUp, WooCommerce Sales Timers WordPress plugin. A missing nonce check in the save_theme function (~/includes/admin/coundown_theme_page.php) enables CSRF, allowing injection of arbitrary scripts (stored XSS) in versions up to 1.5.7. Connected...