cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-11755,https://securityvulnerability.io/vulnerability/CVE-2024-11755,Stored Cross-Site Scripting Vulnerability in IMS Countdown Plugin,"The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ims Countdown,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-14T04:23:40.159Z,0
CVE-2024-10861,https://securityvulnerability.io/vulnerability/CVE-2024-10861,Unauthorized Data Modification Vulnerability in The Popup Box Plugin,"The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress has a design flaw that results in unauthorized modification of critical plugin settings. The vulnerability arises from a lack of proper capability checks in the deactivate_plugin_option() function. As a result, attackers who do not possess authentication can exploit this flaw to manipulate the 'ays_pb_upgrade_plugin' option, potentially leading to arbitrary changes in the plugin's configuration and behavior across all versions up to and including 4.9.7.",Wordpress,"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-11-16T03:15:00.000Z,0
CVE-2024-10669,https://securityvulnerability.io/vulnerability/CVE-2024-10669,Vulnerability in Countdown Timer Block Could Allow Access to Private Posts,"The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.",Wordpress,Countdown Timer Block – Display The Event's Date Into A Timer.,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-11-09T04:32:26.918Z,0
CVE-2024-9884,https://securityvulnerability.io/vulnerability/CVE-2024-9884,Stored Cross-Site Scripting Vulnerability in T(-) Countdown Plugin,"The T(-) Countdown plugin for WordPress contains a vulnerability that exposes the system to Stored Cross-Site Scripting attacks. This occurs through the plugin's 'tminus' shortcode across all versions up to and including 2.4.8. The vulnerability arises due to inadequate input sanitization and output escaping for user-supplied attributes. As a result, authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These scripts execute upon access, potentially compromising user data and site integrity.",Wordpress,T(-) Countdown,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-30T02:04:33.458Z,0
CVE-2024-8667,https://securityvulnerability.io/vulnerability/CVE-2024-8667,Unauthorized Post Publication Vulnerability in HurryTimer Plugin,"The HurryTimer plugin for WordPress & WooCommerce has a significant vulnerability that exposes the system to unauthorized post publication. This security flaw arises due to a missing capability check within the activateCampaign() function, affecting all versions up to and including 2.10.0. As a result, authenticated attackers with contributor-level access or higher can publish arbitrary posts, including those pending review or saved in draft by site administrators. This poses a serious risk to content integrity and overall website security.",Wordpress,Hurrytimer – An Scarcity And Urgency Countdown Timer For WordPress & WooCommerce,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-10-24T07:35:56.502Z,0
CVE-2024-4384,https://securityvulnerability.io/vulnerability/CVE-2024-4384,Stored Cross-Site Scripting Vulnerability in CSSable Countdown WordPress Plugin,"The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Cssable Countdown,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-06-21T06:00:04.371Z,0
CVE-2024-3602,https://securityvulnerability.io/vulnerability/CVE-2024-3602,Unauthorized Update of Plugin Settings Due to Missing Capability Check,"The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.",Wordpress,"Pop Ups, Exit Intent Popups, Email Popups, Banners, Bars, Countdowns And Cart Savers – Promolayer",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-20T02:08:19.025Z,0
CVE-2024-2017,https://securityvulnerability.io/vulnerability/CVE-2024-2017,Unauthorized Access Vulnerability in Countdown & Clock Plugin for WordPress,"The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.",Wordpress,"Countdown, Coming Soon, Maintenance – Countdown & Clock",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-06-06T02:38:13.733Z,0
CVE-2024-4783,https://securityvulnerability.io/vulnerability/CVE-2024-4783,Stored Cross-Site Scripting Vulnerability in jQuery T(-) Countdown Widget Plugin,"The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Jquery T(-) Countdown Widget,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-23T01:56:18.773Z,0
CVE-2022-45847,https://securityvulnerability.io/vulnerability/CVE-2022-45847,Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in WordPress Countdown Widget,"A vulnerability exists in the WPAssist.Me WordPress Countdown Widget that allows for Cross-Site Request Forgery (CSRF). This security flaw can lead to the exploitation of the widget, enabling attackers to inject malicious scripts and perform unauthorized actions on behalf of users. The issue specifically affects versions of the Countdown Widget, potentially exposing websites to Cross-Site Scripting (XSS) attacks, where an attacker can execute scripts in the context of a user's session.",Wordpress,WordPress Countdown Widget,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-27T13:48:22.956Z,0
CVE-2024-1120,https://securityvulnerability.io/vulnerability/CVE-2024-1120,Unauthorized Access to System Information in NextMove Lite and Finale Lite Plugins,"The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.",Wordpress,"Nextmove Lite – Thank You Page For WooCommerce,Finale Lite – Sales Countdown Timer & Discount For WooCommerce",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-01T09:31:40.619Z,0
CVE-2022-4954,https://securityvulnerability.io/vulnerability/CVE-2022-4954,Stored Cross-Site Scripting Vulnerability in One-Click Countdown Plugin for WordPress,"The One-click Countdown plugin for WordPress is susceptible to a stored cross-site scripting vulnerability that arises from inadequate input sanitization and output escaping. This flaw allows authenticated users, particularly those with administrator-level access, to inject arbitrary scripts through the Countdown name input. Any web scripts injected will execute when users load the affected pages, potentially leading to unauthorized actions and data exposure.",Wordpress,Waiting: One-click Countdowns,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-20T06:35:14.619Z,0
CVE-2023-3999,https://securityvulnerability.io/vulnerability/CVE-2023-3999,Authorization Bypass Vulnerability in Waiting Plugin for WordPress,"The Waiting: One-click countdowns plugin for WordPress has a significant vulnerability due to insufficient capability checks in its AJAX calls. This flaw allows authenticated users with subscriber-level permissions and above to create, delete countdowns and alter other plugin settings, compromising the integrity of the site. It affects versions up to and including 0.6.2.",Wordpress,Waiting: One-click countdowns,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4000,https://securityvulnerability.io/vulnerability/CVE-2023-4000,Cross-Site Request Forgery Vulnerability in Waiting One-Click Countdown Plugin for WordPress,"The Waiting: One-click countdowns plugin for WordPress is susceptible to a Cross-Site Request Forgery due to insufficient nonce validation on its AJAX actions in versions up to and including 0.6.2. This vulnerability allows unauthenticated attackers to manipulate countdowns by tricking an unsuspecting site administrator into executing malicious actions, such as clicking a link that could lead to unwanted creation or deletion of countdowns.",Wordpress,Waiting: One-click countdowns,4.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2022-4950,https://securityvulnerability.io/vulnerability/CVE-2022-4950,Arbitrary Plugin Installation Vulnerability in Cool Plugins for WordPress,"Several WordPress plugins developed by Cool Plugins are susceptible to unauthorized arbitrary plugin installation and activation. This vulnerability allows authenticated attackers, even those with minimal permissions like subscribers, to execute remote code. As a result, they can potentially gain control over the WordPress site, posing significant risks to its integrity and security.",Wordpress,"The Events Calendar Countdown Addon,The Events Calendar Events Notification Bar Addon,Cool Timeline (horizontal & Vertical Timeline),Cryptocurrency Payment & Donation Box – Accept Payments In Any Cryptocurrency On Your WP Site For Free,Events Search For The Events Calendar,Cryptocurrency Widgets For Elementor,Event Single Page Builder For The Event Calendar,Events Shortcodes For The Events Calendar,Cryptocurrency Widgets – Price Ticker & Coins List,Events Widgets For Elementor And The Events Calendar",8.8,HIGH,0.0081599997356534,false,,false,false,false,,false,false,2023-06-07T01:51:53.458Z,0
CVE-2023-2757,https://securityvulnerability.io/vulnerability/CVE-2023-2757,Authorization Bypass in One-click Countdown Plugin for WordPress,"The One-click Countdown plugin for WordPress is susceptible to an authorization bypass due to an absence of capability checks in the 'saveLang' function. This vulnerability allows subscriber-level attackers to manipulate plugin settings, leading to potential Cross-Site Scripting (XSS) attacks. Insufficient input sanitization and output escaping can allow adversaries to inject arbitrary scripts into pages, which may execute in the context of users accessing these compromised pages.",Wordpress,Waiting: One-click countdowns,5.4,MEDIUM,0.0009800000116229057,false,,false,false,false,,false,false,2023-05-18T03:15:00.000Z,0
CVE-2023-28659,https://securityvulnerability.io/vulnerability/CVE-2023-28659,Authenticated SQL Injection Vulnerability in Waiting: One-click Countdowns WordPress Plugin,"An authenticated SQL injection vulnerability exists in the Waiting: One-click Countdowns WordPress Plugin. This issue arises from the improper handling of the pbc_down[meta][id] parameter within the pbc_save_downs action, allowing attackers with valid credentials to manipulate SQL queries. Exploiting this vulnerability can lead to unauthorized access to sensitive data within the database, posing a significant risk to the integrity and confidentiality of the application.",Wordpress,Waiting: One-click Countdowns WordPress Plugin,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-03-22T00:00:00.000Z,0
CVE-2023-0171,https://securityvulnerability.io/vulnerability/CVE-2023-0171,jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS,"The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,jQuery T(-) Countdown Widget,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T20:15:00.000Z,0
CVE-2022-3837,https://securityvulnerability.io/vulnerability/CVE-2022-3837,Uji Countdown < 2.3.1 - Admin+ Stored XSS,"The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Uji Countdown,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-12-05T16:50:31.492Z,0
CVE-2022-2245,https://securityvulnerability.io/vulnerability/CVE-2022-2245,Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF,"The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks",Wordpress,"Counter Box – WordPress Plugin For Countdown, Timer, Counter",8.8,HIGH,0.0017099999822676182,false,,false,false,false,,false,false,2022-08-01T12:50:45.000Z,0
CVE-2022-29422,https://securityvulnerability.io/vulnerability/CVE-2022-29422,WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities,"Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.",Wordpress,Countdown & Clock (WordPress Plugin),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-05-06T18:15:00.000Z,0
CVE-2022-29421,https://securityvulnerability.io/vulnerability/CVE-2022-29421,WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability,Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.,Wordpress,Countdown & Clock (WordPress Plugin),4.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2022-05-06T17:15:00.000Z,0
CVE-2022-29420,https://securityvulnerability.io/vulnerability/CVE-2022-29420,WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.,Wordpress,Countdown & Clock (WordPress Plugin),5.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-05-06T17:15:00.000Z,0
CVE-2022-29423,https://securityvulnerability.io/vulnerability/CVE-2022-29423,WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability,Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.,Wordpress,Countdown & Clock (WordPress Plugin),3.8,LOW,0.002199999988079071,false,,false,false,false,,false,false,2022-04-28T00:00:00.000Z,0
CVE-2021-25064,https://securityvulnerability.io/vulnerability/CVE-2021-25064,Wow Countdowns <= 3.1.2 - Admin+ SQLi,"The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.",Wordpress,"Wow Countdowns – Easily Create Any Countdowns, Counters And Timers",7.2,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-03-28T17:21:42.000Z,0