
CVE-2024-2017 – Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-2017
05 Jun 2024 — The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns. • https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L51 • CWE-862: Missing Authorization

CVE-2023-3392 – Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-3392
11 Sep 2023 — The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. • https://wpscan.com/vulnerability/1e733ccf-8026-4831-9863-e505c2aecba6 • CWE-502: Deserialization of Untrusted Data

CVE-2022-29423 – WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-29423
28 Apr 2022 — Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability • CWE-264: Permissions, Privileges, and Access Controls • CWE-287: Improper Authentication

CVE-2022-29422 – WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-29422
28 Apr 2022 — Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-29421 – WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29421
28 Apr 2022 — Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-29420 – WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29420
28 Apr 2022 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS. This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin versions up to and including 2.3.2 on WordPress, via the vulnerable parameters &ycd-circle-co... • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-0601 – Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-0601
21 Feb 2022 — The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. • https://plugins.trac.wordpress.org/changeset/2679245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')