Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29421: WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.

CVE
Open in Source
#xss#vulnerability#web#wordpress

countdown-builder

Software

Countdown & Clock

Vulnerable Versions

<= 2.3.2

Fixed in version

CVE

CVE-2022-29421

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2022-04-28

CVSS 3.0 score

Are your websites subject to this vulnerability?

Details

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Ex.Mi (Patchstack) in WordPress Countdown & Clock plugin (versions <= 2.3.2).

Solution

No patched version is available.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE