cleantalk
Vulnerabilities and Security Researches

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce, CVE-2024-13735

CVE, Research URL

CVE-2024-13735

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Published on
Feb 14, 2025
Research Description
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.12.0.
Status
vulnerable
Previous vulnerability researches
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-8667) , Oct 25, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-32556) , Jun 07, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2025-53255) , Jul 05, 2025
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-13735) , Feb 16, 2025
New vulnerability
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! (CVE-2025-53568) , Jul 05, 2025
RD Contacto (CVE-2025-5933) , Jul 05, 2025
AiBud WP – ChatGPT, OpenAI, Content & Image Generator WordPress plugin (CVE-2025-23968) , Jul 05, 2025
WP Permalink Translator (CVE-2025-53274) , Jul 05, 2025
Soumettre.fr (CVE-2025-4654) , Jul 05, 2025