Get Started

WordPress: Stored XSS Vulnerability in Countdown Timer Plugin

by the Hossted team
11.03.2025

In Countdown Timer plugin for WordPress versions 1.0 and prior a medium severity vulnerability CVE-2024-13864 was detected. This vulnerability allows attackers to inject arbitrary web scripts due to insufficient input sanitization and output escaping, leading to Stored Cross-Site Scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13864.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR