cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forhurrytimer hurrytimer

Direction: ascending
Jun 07, 2024

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce # CVE-2024-32556

CVE, Research URL

CVE-2024-32556

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Date
Apr 18, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer allows Stored XSS.This issue affects HurryTimer: from n/a through 2.9.2.
Affected versions
Min -, max -.
Status
vulnerable
Oct 25, 2024

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce # CVE-2024-8667

CVE, Research URL

CVE-2024-8667

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Date
Oct 24, 2024
Research Description
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft.
Affected versions
Min -, max -.
Status
vulnerable
Feb 16, 2025

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce # CVE-2024-13735

CVE, Research URL

CVE-2024-13735

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Date
Feb 14, 2025
Research Description
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max -.
Status
vulnerable
Jul 05, 2025

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce # CVE-2025-53255

CVE, Research URL

CVE-2025-53255

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Date
Jun 27, 2025
Research Description
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HurryTimer: from n/a through 2.13.1.
Affected versions
Min -, max -.
Status
vulnerable