CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Wpdevart: >> Countdown And Countup, Woocommerce Sales Timer >> 1.0.4 Security Vulnerabilities

CVE-2023-47533

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.

CVSS Score

5.9

EPSS Score

0.001

Published

2023-11-14

CVE-2021-34636

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7.

CVSS Score

8.8

EPSS Score

0.001

Published

2021-09-28

Page 1

Vulnerabilities

Vulnerable Software

Wpdevart: >> Countdown And Countup, Woocommerce Sales Timer >> 1.0.4 Security Vulnerabilities

Products

Pricing

Contact Us