cleantalk
Vulnerabilities and Security Researches

Easy Timer, CVE-2025-9519

CVE, Research URL

CVE-2025-9519

Home page URL

Security reports for Easy Timer

Application

Easy Timer

Published on
Sep 04, 2025
Research Description
The Easy Timer plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.1 via the plugin's shortcodes. This is due to insufficient restriction of shortcode attributes. This makes it possible for authenticated attackers, with Editor-level access and above, to execute code on the server.
Affected versions
Min -, max 4.2.2.
Status
vulnerable
Previous vulnerability researches
Support Ticket System (CVE-2015-7670) , Jun 10, 2024
New vulnerability
Easy Download Media Counter (CVE-2025-58867) , Sep 06, 2025
WooCommerce Single Page Checkout (CVE-2025-58804) , Sep 06, 2025
New Simple Gallery (CVE-2025-58881) , Sep 06, 2025
LTL Freight Quotes – Day & Ross Edition (CVE-2025-58642) , Sep 06, 2025
Sticky Side Buttons (5050bee0d08fa2179495d87f142ada0e346f4e05) , Sep 06, 2025