cleantalk
Vulnerabilities and Security Researches

Countdown Timer for Elementor, CVE-2025-8445

CVE, Research URL

CVE-2025-8445

Home page URL

Security reports for Countdown Timer for Elementor

Application

Countdown Timer for Elementor

Published on
Sep 11, 2025
Research Description
The Countdown Timer for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'countdown_label' Parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.3.9.
Status
vulnerable
Previous vulnerability researches
Leadinfo (CVE-2025-48271) , Jun 04, 2025
Leadinfo (CVE-2024-32112) , Jun 07, 2024
New vulnerability
Image Editor by Pixo (CVE-2025-58232) , Apr 25, 2026
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2799) , Apr 25, 2026
Kubio AI Page Builder (CVE-2025-8487) , Apr 25, 2026
PlayerJS (CVE-2025-58651) , Apr 25, 2026
PilotPress (CVE-2025-58238) , Apr 25, 2026