cleantalk
Vulnerabilities and Security Researches

Countdown, Coming Soon, Maintenance – Countdown & Clock, CVE-2024-2017

CVE, Research URL

CVE-2024-2017

Home page URL

Security reports for Countdown, Coming Soon, Maintenance – Countdown & Clock

Application

Countdown, Coming Soon, Maintenance – Countdown & Clock

Published on
Jun 06, 2024
Research Description
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject PHP Objects and modify the status of countdowns.
Affected versions
Min -, max 2.7.8.1.
Status
vulnerable
Previous vulnerability researches
Countdown, Coming Soon, Maintenance – Countdown & Clock (CVE-2024-2017) , Jul 22, 2024
Countdown, Coming Soon, Maintenance – Countdown & Clock (CVE-2025-30841) , Apr 04, 2025
Countdown, Coming Soon, Maintenance – Countdown & Clock (CVE-2022-0601) , Jun 07, 2024
Countdown, Coming Soon, Maintenance – Countdown & Clock (CVE-2022-29420) , Jun 07, 2024
Countdown, Coming Soon, Maintenance – Countdown & Clock (CVE-2022-29423) , Jun 07, 2024
New vulnerability
Easy Google Maps (CVE-2025-32138) , Apr 05, 2025
Tockify Events Calendar (CVE-2025-32174) , Apr 05, 2025
Ultra Addons Lite for Elementor (CVE-2025-32192) , Apr 05, 2025
WooCommerce Search, Filters & Merchandising (CVE-2025-32181) , Apr 05, 2025
Link Library (CVE-2025-2889) , Apr 05, 2025