Database
arrow right Countdown & Clock 5
arrow right #7080e567fc4b
API Monitor free
Report
arrow right To plugin page
Not fixed

WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities

4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website arrow right
Software
Countdown & Clock
Type
Plugin
Vulnerable versions
<= 2.3.2
Fixed in
N/A
PSID
7080e567fc4b
CVE ID
CVE-2022-29422
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Credits
Ex.Mi (Patchstack)
Publicly disclosed
2022-04-28

Details

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities discovered by Ex.Mi in WordPress Countdown & Clock plugin (versions <= 2.3.2).

Solution

No patched version is available.

References

CVE-2022-29422 Plugin page

Other known vulnerabilities for Countdown & Clock

Authenticated Stored CrossSite Scripting (XSS) vulnerability

<= 2.3.2

4.8

28.04.2022

Pro Features Lock Bypass vulnerability

<= 2.3.2

3.8

28.04.2022

Reflected CrossSite Scripting (XSS) vulnerability

<= 2.3.2

4.7

28.04.2022

Reflected CrossSite Scripting (XSS) vulnerability

<= 2.2.8

6.1

21.02.2022

Submit vulnerabilities and become a verified Alliance member

Learn more

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA
Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog
About us Careers Media kit Insights & articles
DPA Privacy Policy Terms & Conditions

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress Security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

© 2022 Patchstack

DPA Privacy Policy T&C

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close