Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:E18E69F7-3D28-4160-AB8E-C5064D894DA0
HistoryApr 28, 2022 - 12:00 a.m.

Countdown & Clock <= 2.3.2 - Admin+ Stored Cross-Site Scripting

2022-04-2800:00:00
wpscan.com
12
plugin
sanitise
escape
settings
high privilege users
admin
stored cross-site scripting attacks
unfiltered_html capability

EPSS

0.001

Percentile

22.9%

JSON

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

Related

nvd 2
patchstack 2
cvelist 2
prion 2
cve 2
cnvd 1
vulnrichment 1
nvd
nvd
CVE-2022-29422
2022-05-06 18:15:10
CVE-2022-29420
2022-05-06 17:15:09
patchstack
patchstack
WordPress Countdown & Clock plugin <= 2.4.7 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
2022-04-28 00:00:00
WordPress Countdown & Clock plugin <= 2.4.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
2022-04-28 00:00:00
cvelist
cvelist
CVE-2022-29422 WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
2022-04-28 00:00:00
CVE-2022-29420 WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
2022-04-28 00:00:00
prion
prion
Cross site scripting
2022-05-06 18:15:00
Cross site scripting
2022-05-06 17:15:00
cve
cve
CVE-2022-29422
2022-05-06 18:15:10
CVE-2022-29420
2022-05-06 17:15:09
cnvd
cnvd
WordPress plugin Countdown
2022-05-09 00:00:00
vulnrichment
vulnrichment
CVE-2022-29420 WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
2022-04-28 00:00:00

EPSS

0.001

Percentile

22.9%

JSON
Related for WPVDB-ID:E18E69F7-3D28-4160-AB8E-C5064D894DA0
nvd2patchstack2cvelist2prion2cve2cnvd1vulnrichment1