Database
arrow right Countdown & Clock 5
arrow right #ed616db6668b
API Monitor free
Report
arrow right To plugin page
Not fixed

WordPress Countdown & Clock plugin <= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website arrow right
Software
Countdown & Clock
Type
Plugin
Vulnerable versions
<= 2.3.2
Fixed in
N/A
PSID
ed616db6668b
CVE ID
CVE-2022-29420
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires high role user authentication like admin.
Credits
Jeong Wonjun aka Pongchi (Patchstack Alliance)
Publicly disclosed
2022-04-28

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jeong Wonjun aka Pongchi (Patchstack Alliance) in WordPress Countdown & Clock plugin (versions <= 2.3.2).

Solution

No patched version is available.

References

CVE-2022-29420 Plugin changelog

Other known vulnerabilities for Countdown & Clock

Pro Features Lock Bypass vulnerability

<= 2.3.2

3.8

28.04.2022

Reflected CrossSite Scripting (XSS) vulnerability

<= 2.3.2

4.7

28.04.2022

Multiple Authenticated Persistent CrossSite Scripting (XSS) vulnerabilities

<= 2.3.2

4.8

28.04.2022

Reflected CrossSite Scripting (XSS) vulnerability

<= 2.2.8

6.1

21.02.2022

Submit vulnerabilities and become a verified Alliance member

Learn more

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA
Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog
About us Careers Media kit Insights & articles
DPA Privacy Policy Terms & Conditions

All solutions

WordPress security Plugin auditing Vulnerability database Vulnerability API Bug bounty program BETA

WordPress Security

Patchstack for WordPress For agencies NEW Pricing & features Documentation Changelog

Patchstack

About us Careers Media kit Insights & articles

Social

© 2022 Patchstack

DPA Privacy Policy T&C

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close