cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4954,https://securityvulnerability.io/vulnerability/CVE-2022-4954,Stored Cross-Site Scripting Vulnerability in One-Click Countdown Plugin for WordPress,"The One-click Countdown plugin for WordPress is susceptible to a stored cross-site scripting vulnerability that arises from inadequate input sanitization and output escaping. This flaw allows authenticated users, particularly those with administrator-level access, to inject arbitrary scripts through the Countdown name input. Any web scripts injected will execute when users load the affected pages, potentially leading to unauthorized actions and data exposure.",Wordpress,Waiting: One-click Countdowns,5.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-10-20T06:35:14.619Z,0
CVE-2023-3999,https://securityvulnerability.io/vulnerability/CVE-2023-3999,Authorization Bypass Vulnerability in Waiting Plugin for WordPress,"The Waiting: One-click countdowns plugin for WordPress has a significant vulnerability due to insufficient capability checks in its AJAX calls. This flaw allows authenticated users with subscriber-level permissions and above to create, delete countdowns and alter other plugin settings, compromising the integrity of the site. It affects versions up to and including 0.6.2.",Wordpress,Waiting: One-click countdowns,4.3,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-4000,https://securityvulnerability.io/vulnerability/CVE-2023-4000,Cross-Site Request Forgery Vulnerability in Waiting One-Click Countdown Plugin for WordPress,"The Waiting: One-click countdowns plugin for WordPress is susceptible to a Cross-Site Request Forgery due to insufficient nonce validation on its AJAX actions in versions up to and including 0.6.2. This vulnerability allows unauthenticated attackers to manipulate countdowns by tricking an unsuspecting site administrator into executing malicious actions, such as clicking a link that could lead to unwanted creation or deletion of countdowns.",Wordpress,Waiting: One-click countdowns,4.3,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2023-08-31T06:15:00.000Z,0
CVE-2023-2757,https://securityvulnerability.io/vulnerability/CVE-2023-2757,Authorization Bypass in One-click Countdown Plugin for WordPress,"The One-click Countdown plugin for WordPress is susceptible to an authorization bypass due to an absence of capability checks in the 'saveLang' function. This vulnerability allows subscriber-level attackers to manipulate plugin settings, leading to potential Cross-Site Scripting (XSS) attacks. Insufficient input sanitization and output escaping can allow adversaries to inject arbitrary scripts into pages, which may execute in the context of users accessing these compromised pages.",Wordpress,Waiting: One-click countdowns,5.4,MEDIUM,0.0009800000116229057,false,,false,false,false,,false,false,2023-05-18T03:15:00.000Z,0
CVE-2023-28659,https://securityvulnerability.io/vulnerability/CVE-2023-28659,Authenticated SQL Injection Vulnerability in Waiting: One-click Countdowns WordPress Plugin,"An authenticated SQL injection vulnerability exists in the Waiting: One-click Countdowns WordPress Plugin. This issue arises from the improper handling of the pbc_down[meta][id] parameter within the pbc_save_downs action, allowing attackers with valid credentials to manipulate SQL queries. Exploiting this vulnerability can lead to unauthorized access to sensitive data within the database, posing a significant risk to the integrity and confidentiality of the application.",Wordpress,Waiting: One-click Countdowns WordPress Plugin,8.8,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2023-03-22T00:00:00.000Z,0