CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50516 – WordPress Countdown & Clock plugin <= 2.8.0.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-50516
28 Oct 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9. The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers... • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2017 – Countdown, Coming Soon, Maintenance – Countdown & Clock <= 2.7.8 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-2017
05 Jun 2024 — The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns. El complemento Countdown, Coming Soon, Maintenance – Countdown & Clock para WordPress es vulnerable al acceso... • https://plugins.trac.wordpress.org/browser/countdown-builder/trunk/classes/Ajax.php#L51 • CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29423 – WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-29423
28 Apr 2022 — Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. Una vulnerabilidad en el Bloqueo de Características Pro en el plugin Countdown & Clock versiones anteriores a 2.3.2 incluyéndola en WordPress • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability • CWE-264: Permissions, Privileges, and Access Controls CWE-287: Improper Authentication •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29422 – WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-29422
28 Apr 2022 — Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. Múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) autenticadas (admin+) en el p... • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29421 – WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29421
28 Apr 2022 — Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en el plugin Countdown & Clock de Adam Skaat en WordPress por medio del parámetro vulnerable &ycd_type • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29420 – WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29420
28 Apr 2022 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticado (admin+) en el plugin Countdown & Clock versiones anteriores a 2.3.2 incluyéndola de Adam Skaat en WordPress, por medio de los parámetros vulnerables &ycd-circle-co... • https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •