VYPR

Hurrytimer

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-32556MedApr 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer allows Stored XSS.This issue affects HurryTimer: from n/a through 2.9.2.

  • CVE-2024-13735MedFeb 14, 2025
    risk 0.35cvss 6.4epss 0.00

    The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name.…

  • CVE-2025-53255MedJun 27, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.

  • CVE-2024-8667MedOct 24, 2024
    risk 0.21cvss 4.3epss 0.00

    The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This…