cleantalk
Vulnerabilities and Security Researches

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce, CVE-2024-8667

CVE, Research URL

CVE-2024-8667

Home page URL

Security reports for HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Application

HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce

Published on
Oct 24, 2024
Research Description
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This makes it possible for authenticated attackers, with contributor-level access and above, to publish arbitrary posts like ones they have submitted for review, or a site administrator has in draft.
Affected versions
Min -, max 2.11.0.
Status
vulnerable
Previous vulnerability researches
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-8667) , Oct 25, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-32556) , Jun 07, 2024
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2025-53255) , Jul 05, 2025
HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce (CVE-2024-13735) , Feb 16, 2025
New vulnerability
Radio Station by netmix® – Manage and play your Show Schedule in WordPress! (CVE-2025-53568) , Jul 05, 2025
RD Contacto (CVE-2025-5933) , Jul 05, 2025
AiBud WP – ChatGPT, OpenAI, Content & Image Generator WordPress plugin (CVE-2025-23968) , Jul 05, 2025
WP Permalink Translator (CVE-2025-53274) , Jul 05, 2025
Soumettre.fr (CVE-2025-4654) , Jul 05, 2025