cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11755,https://securityvulnerability.io/vulnerability/CVE-2024-11755,Stored Cross-Site Scripting Vulnerability in IMS Countdown Plugin,"The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Ims Countdown,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-14T04:23:40.159Z,0
CVE-2024-10861,https://securityvulnerability.io/vulnerability/CVE-2024-10861,Unauthorized Data Modification Vulnerability in The Popup Box Plugin,"The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress has a design flaw that results in unauthorized modification of critical plugin settings. The vulnerability arises from a lack of proper capability checks in the deactivate_plugin_option() function. As a result, attackers who do not possess authentication can exploit this flaw to manipulate the 'ays_pb_upgrade_plugin' option, potentially leading to arbitrary changes in the plugin's configuration and behavior across all versions up to and including 4.9.7.",Wordpress,"Popup Box – Create Countdown, Coupon, Video, Contact Form Popups",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-11-16T03:15:00.000Z,0
CVE-2024-10669,https://securityvulnerability.io/vulnerability/CVE-2024-10669,Vulnerability in Countdown Timer Block Could Allow Access to Private Posts,"The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to.",Wordpress,Countdown Timer Block – Display The Event's Date Into A Timer.,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-09T04:32:26.918Z,0
CVE-2024-9884,https://securityvulnerability.io/vulnerability/CVE-2024-9884,Stored Cross-Site Scripting Vulnerability in T(-) Countdown Plugin,"The T(-) Countdown plugin for WordPress contains a vulnerability that exposes the system to Stored Cross-Site Scripting attacks. This occurs through the plugin's 'tminus' shortcode across all versions up to and including 2.4.8. The vulnerability arises due to inadequate input sanitization and output escaping for user-supplied attributes. As a result, authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These scripts execute upon access, potentially compromising user data and site integrity.",Wordpress,T(-) Countdown,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-30T02:04:33.458Z,0
CVE-2024-8667,https://securityvulnerability.io/vulnerability/CVE-2024-8667,Unauthorized Post Publication Vulnerability in HurryTimer Plugin,"The HurryTimer plugin for WordPress & WooCommerce has a significant vulnerability that exposes the system to unauthorized post publication. This security flaw arises due to a missing capability check within the activateCampaign() function, affecting all versions up to and including 2.10.0. As a result, authenticated attackers with contributor-level access or higher can publish arbitrary posts, including those pending review or saved in draft by site administrators. This poses a serious risk to content integrity and overall website security.",Wordpress,Hurrytimer – An Scarcity And Urgency Countdown Timer For WordPress & WooCommerce,4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-24T07:35:56.502Z,0
CVE-2024-4384,https://securityvulnerability.io/vulnerability/CVE-2024-4384,Stored Cross-Site Scripting Vulnerability in CSSable Countdown WordPress Plugin,"The CSSable Countdown WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Cssable Countdown,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-06-21T05:00:04.000Z,true,false,false,,2024-06-21T06:00:04.371Z,0
CVE-2024-3602,https://securityvulnerability.io/vulnerability/CVE-2024-3602,Unauthorized Update of Plugin Settings Due to Missing Capability Check,"The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection.",Wordpress,"Pop Ups, Exit Intent Popups, Email Popups, Banners, Bars, Countdowns And Cart Savers – Promolayer",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-20T02:08:19.025Z,0
CVE-2024-2017,https://securityvulnerability.io/vulnerability/CVE-2024-2017,Unauthorized Access Vulnerability in Countdown & Clock Plugin for WordPress,"The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.",Wordpress,"Countdown, Coming Soon, Maintenance – Countdown & Clock",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-06T02:38:13.733Z,0
CVE-2024-4783,https://securityvulnerability.io/vulnerability/CVE-2024-4783,Stored Cross-Site Scripting Vulnerability in jQuery T(-) Countdown Widget Plugin,"The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Jquery T(-) Countdown Widget,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-23T01:56:18.773Z,0
CVE-2022-45847,https://securityvulnerability.io/vulnerability/CVE-2022-45847,Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability in WordPress Countdown Widget,"A vulnerability exists in the WPAssist.Me WordPress Countdown Widget that allows for Cross-Site Request Forgery (CSRF). This security flaw can lead to the exploitation of the widget, enabling attackers to inject malicious scripts and perform unauthorized actions on behalf of users. The issue specifically affects versions of the Countdown Widget, potentially exposing websites to Cross-Site Scripting (XSS) attacks, where an attacker can execute scripts in the context of a user's session.",Wordpress,WordPress Countdown Widget,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-27T13:48:22.956Z,0
CVE-2024-1120,https://securityvulnerability.io/vulnerability/CVE-2024-1120,Unauthorized Access to System Information in NextMove Lite and Finale Lite Plugins,"The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.",Wordpress,"Nextmove Lite – Thank You Page For WooCommerce,Finale Lite – Sales Countdown Timer & Discount For WooCommerce",5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-01T09:31:40.619Z,0
CVE-2022-4950,https://securityvulnerability.io/vulnerability/CVE-2022-4950,Arbitrary Plugin Installation Vulnerability in Cool Plugins for WordPress,"Several WordPress plugins developed by Cool Plugins are susceptible to unauthorized arbitrary plugin installation and activation. This vulnerability allows authenticated attackers, even those with minimal permissions like subscribers, to execute remote code. As a result, they can potentially gain control over the WordPress site, posing significant risks to its integrity and security.",Wordpress,"The Events Calendar Countdown Addon,The Events Calendar Events Notification Bar Addon,Cool Timeline (horizontal & Vertical Timeline),Cryptocurrency Payment & Donation Box – Accept Payments In Any Cryptocurrency On Your WP Site For Free,Events Search For The Events Calendar,Cryptocurrency Widgets For Elementor,Event Single Page Builder For The Event Calendar,Events Shortcodes For The Events Calendar,Cryptocurrency Widgets – Price Ticker & Coins List,Events Widgets For Elementor And The Events Calendar",8.8,HIGH,0.0081599997356534,false,,false,false,false,,,false,false,,2023-06-07T01:51:53.458Z,0
CVE-2023-28659,https://securityvulnerability.io/vulnerability/CVE-2023-28659,Authenticated SQL Injection Vulnerability in Waiting: One-click Countdowns WordPress Plugin,"An authenticated SQL injection vulnerability exists in the Waiting: One-click Countdowns WordPress Plugin. This issue arises from the improper handling of the pbc_down[meta][id] parameter within the pbc_save_downs action, allowing attackers with valid credentials to manipulate SQL queries. Exploiting this vulnerability can lead to unauthorized access to sensitive data within the database, posing a significant risk to the integrity and confidentiality of the application.",Wordpress,Waiting: One-click Countdowns WordPress Plugin,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,,false,false,,2023-03-22T00:00:00.000Z,0
CVE-2023-0171,https://securityvulnerability.io/vulnerability/CVE-2023-0171,jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS,"The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",Wordpress,jQuery T(-) Countdown Widget,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-06T20:15:00.000Z,0
CVE-2022-3837,https://securityvulnerability.io/vulnerability/CVE-2022-3837,Uji Countdown < 2.3.1 - Admin+ Stored XSS,"The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Uji Countdown,4.8,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-05T16:50:31.492Z,0
CVE-2022-2245,https://securityvulnerability.io/vulnerability/CVE-2022-2245,Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF,"The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks",Wordpress,"Counter Box – WordPress Plugin For Countdown, Timer, Counter",8.8,HIGH,0.0017099999822676182,false,,false,false,false,,,false,false,,2022-08-01T12:50:45.000Z,0
CVE-2022-29420,https://securityvulnerability.io/vulnerability/CVE-2022-29420,WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS. This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.,Wordpress,Countdown & Clock (WordPress Plugin),5.9,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-05-06T17:15:00.000Z,0
CVE-2021-25064,https://securityvulnerability.io/vulnerability/CVE-2021-25064,Wow Countdowns <= 3.1.2 - Admin+ SQLi,"The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.",Wordpress,"Wow Countdowns – Easily Create Any Countdowns, Counters And Timers",7.2,HIGH,0.001120000029914081,false,,false,false,false,,,false,false,,2022-03-28T17:21:42.000Z,0
CVE-2022-0601,https://securityvulnerability.io/vulnerability/CVE-2022-0601,Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting,"The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.",Wordpress,"Countdown, Coming Soon, Maintenance – Countdown & Clock",6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2022-03-14T14:41:38.000Z,0
CVE-2021-34636,https://securityvulnerability.io/vulnerability/CVE-2021-34636,"Countdown and CountUp, WooCommerce Sales Timer <= 1.5.7 Cross-Site Request Forgery to Stored Cross-Site Scripting","The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.",Wordpress,"Countdown And Countup, WooCommerce Sales Timers",8.8,HIGH,0.0010600000387057662,false,,false,false,false,,,false,false,,2021-09-28T14:15:00.000Z,0
CVE-2021-24633,https://securityvulnerability.io/vulnerability/CVE-2021-24633,Countdown Block < 1.1.2 - Missing Authorisation in AJAX action,"The Countdown Block WordPress plugin before 1.1.2 does not have authorisation in the eb_write_block_css AJAX action, which allows any authenticated user, such as Subscriber, to modify post contents displayed to users.",Wordpress,Countdown Block,4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2021-09-27T15:25:26.000Z,0
CVE-2016-10900,https://securityvulnerability.io/vulnerability/CVE-2016-10900,Cross-Site Scripting Vulnerability in Uji Countdown Plugin for WordPress,"The Uji Countdown plugin for WordPress, before version 2.0.7, is susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking and other malicious activities. Users of earlier versions of this plugin should upgrade to the latest release to mitigate the risk of exploitation.",Wordpress,Uji Countdown,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2019-08-21T12:39:15.000Z,0