CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2757

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save plugin data that can potentially lead to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 15.0%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2023-2757

Plugin » Waiting » Version: N/A

cpe:2.3:a:plugin:waiting:-
Plugin » Waiting » Version: 0.2.4

cpe:2.3:a:plugin:waiting:0.2.4
Plugin » Waiting » Version: 0.2.5

cpe:2.3:a:plugin:waiting:0.2.5
Plugin » Waiting » Version: 0.2.6

cpe:2.3:a:plugin:waiting:0.2.6
Plugin » Waiting » Version: 0.2.7

cpe:2.3:a:plugin:waiting:0.2.7
Plugin » Waiting » Version: 0.2.8

cpe:2.3:a:plugin:waiting:0.2.8
Plugin » Waiting » Version: 0.3

cpe:2.3:a:plugin:waiting:0.3
Plugin » Waiting » Version: 0.3.1

cpe:2.3:a:plugin:waiting:0.3.1
Plugin » Waiting » Version: 0.3.3

cpe:2.3:a:plugin:waiting:0.3.3
Plugin » Waiting » Version: 0.3.4

cpe:2.3:a:plugin:waiting:0.3.4
Plugin » Waiting » Version: 0.3.5

cpe:2.3:a:plugin:waiting:0.3.5
Plugin » Waiting » Version: 0.3.6

cpe:2.3:a:plugin:waiting:0.3.6
Plugin » Waiting » Version: 0.3.7

cpe:2.3:a:plugin:waiting:0.3.7
Plugin » Waiting » Version: 0.3.8

cpe:2.3:a:plugin:waiting:0.3.8
Plugin » Waiting » Version: 0.3.9

cpe:2.3:a:plugin:waiting:0.3.9
Plugin » Waiting » Version: 0.3.9.1

cpe:2.3:a:plugin:waiting:0.3.9.1
Plugin » Waiting » Version: 0.3.9.2

cpe:2.3:a:plugin:waiting:0.3.9.2
Plugin » Waiting » Version: 0.3.9.3

cpe:2.3:a:plugin:waiting:0.3.9.3
Plugin » Waiting » Version: 0.3.9.4

cpe:2.3:a:plugin:waiting:0.3.9.4
Plugin » Waiting » Version: 0.3.9.5

cpe:2.3:a:plugin:waiting:0.3.9.5
Plugin » Waiting » Version: 0.3.9.6

cpe:2.3:a:plugin:waiting:0.3.9.6
Plugin » Waiting » Version: 0.3.9.7

cpe:2.3:a:plugin:waiting:0.3.9.7
Plugin » Waiting » Version: 0.3.9.8

cpe:2.3:a:plugin:waiting:0.3.9.8
Plugin » Waiting » Version: 0.3.9.9

cpe:2.3:a:plugin:waiting:0.3.9.9
Plugin » Waiting » Version: 0.4

cpe:2.3:a:plugin:waiting:0.4
Plugin » Waiting » Version: 0.4.1

cpe:2.3:a:plugin:waiting:0.4.1
Plugin » Waiting » Version: 0.4.2

cpe:2.3:a:plugin:waiting:0.4.2
Plugin » Waiting » Version: 0.4.3

cpe:2.3:a:plugin:waiting:0.4.3
Plugin » Waiting » Version: 0.4.4

cpe:2.3:a:plugin:waiting:0.4.4
Plugin » Waiting » Version: 0.4.5

cpe:2.3:a:plugin:waiting:0.4.5
Plugin » Waiting » Version: 0.4.7

cpe:2.3:a:plugin:waiting:0.4.7
Plugin » Waiting » Version: 0.4.8

cpe:2.3:a:plugin:waiting:0.4.8
Plugin » Waiting » Version: 0.4.9

cpe:2.3:a:plugin:waiting:0.4.9
Plugin » Waiting » Version: 0.5

cpe:2.3:a:plugin:waiting:0.5
Plugin » Waiting » Version: 0.5.1

cpe:2.3:a:plugin:waiting:0.5.1
Plugin » Waiting » Version: 0.5.2

cpe:2.3:a:plugin:waiting:0.5.2
Plugin » Waiting » Version: 0.5.3

cpe:2.3:a:plugin:waiting:0.5.3
Plugin » Waiting » Version: 0.5.4

cpe:2.3:a:plugin:waiting:0.5.4
Plugin » Waiting » Version: 0.5.5

cpe:2.3:a:plugin:waiting:0.5.5
Plugin » Waiting » Version: 0.5.6

cpe:2.3:a:plugin:waiting:0.5.6
Plugin » Waiting » Version: 0.5.7

cpe:2.3:a:plugin:waiting:0.5.7
Plugin » Waiting » Version: 0.5.8

cpe:2.3:a:plugin:waiting:0.5.8
Plugin » Waiting » Version: 0.5.9

cpe:2.3:a:plugin:waiting:0.5.9
Plugin » Waiting » Version: 0.6.0

cpe:2.3:a:plugin:waiting:0.6.0
Plugin » Waiting » Version: 0.6.1

cpe:2.3:a:plugin:waiting:0.6.1
Plugin » Waiting » Version: 0.6.2

cpe:2.3:a:plugin:waiting:0.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2757

Products

Pricing

Contact Us