Vulnerabilities and security researches forcountdown-builder countdown-builder

Apr 05, 2025

CVE, Research URL: CVE-2025-2270
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: Apr 04, 2025
Research Description: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.9.1 via the createCdObj function. This makes it possible for unauthenticated attackers to include and execute files with the specific filenames on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in some cases.
Affected versions: Min -, max -.
Status: vulnerable

Apr 04, 2025

CVE, Research URL: CVE-2025-30841
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: Apr 02, 2025
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8.
Affected versions: Min -, max -.
Status: vulnerable

Nov 01, 2024

CVE, Research URL: CVE-2024-50516
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: Nov 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9.
Affected versions: Min -, max -.
Status: vulnerable

Jul 22, 2024

CVE, Research URL: CVE-2024-2017
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: Jun 06, 2024
Research Description: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-0601
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: Mar 14, 2022
Research Description: The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29420
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: May 06, 2022
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29423
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: May 06, 2022
Research Description: Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29421
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: May 06, 2022
Research Description: Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-29422
Home page URL: Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock
Application: Countdown, Coming Soon, Maintenance – Countdown & Clock
Date: May 06, 2022
Research Description: Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.
Affected versions: Min -, max -.
Status: vulnerable