cleantalk
Vulnerabilities and Security Researches

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce, CVE-2026-24392

CVE, Research URL

CVE-2026-24392

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Published on
Feb 19, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.
Affected versions
max 2.14.2.
Status
vulnerable
Previous vulnerability researches
Availability Calendar (CVE-2023-48744) , Jun 07, 2024
Availability Calendar (CVE-2021-24604) , Jun 07, 2024
Availability Calendar (CVE-2021-24606) , Jun 07, 2024
New vulnerability
Complianz &#8211; GDPR/CCPA Cookie Consent (CVE-2025-11185) , Feb 27, 2026
HurryTimer &#8211; An Scarcity and Urgency Countdown Timer for WordPress &amp; WooCommerce (CVE-2026-24392) , Feb 27, 2026
Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics (CVE-2026-25407) , Feb 27, 2026
WP Activity Log (CVE-2026-25331) , Feb 27, 2026
Yoast Duplicate Post (CVE-2019-25314) , Feb 27, 2026