VYPR

Countdown & Clock

by WordPress

CVEs (5)

  • CVE-2025-30841CriApr 1, 2025
    risk 0.64cvss 9.9epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock countdown-builder allows Remote Code Inclusion.This issue affects Countdown & Clock: from n/a through <= 2.8.8.

  • CVE-2022-29420MedMay 6, 2022
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.

  • CVE-2022-29422MedMay 6, 2022
    risk 0.31cvss 4.8epss 0.01

    Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right,…

  • CVE-2022-29421MedMay 6, 2022
    risk 0.31cvss 4.7epss 0.01

    Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.

  • CVE-2022-29423LowMay 6, 2022
    risk 0.25cvss 3.8epss 0.01

    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.