Vulnerabilities and security researches foruji-countdown uji-countdown

Jun 06, 2024

CVE, Research URL: CVE-2016-10900
Home page URL: Security reports for Uji Countdown
Application: Uji Countdown
Date: Aug 21, 2019
Research Description: The uji-countdown plugin before 2.0.7 for WordPress has XSS.
Affected versions: max 2.0.7.
Status: vulnerable

CVE, Research URL: CVE-2022-3837
Home page URL: Security reports for Uji Countdown
Application: Uji Countdown
Date: Dec 05, 2022
Research Description: The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 2.3.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-52749
Home page URL: Security reports for Uji Countdown
Application: Uji Countdown
Date: Oct 22, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Activity Track Uji Countdown uji-countdown allows Reflected XSS.This issue affects Uji Countdown: from n/a through <= 2.3.3.
Affected versions: max 2.3.3.
Status: vulnerable