Edmonsoft: >> Countdown Builder >> 2.4.2 Security Vulnerabilities
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-06-06