VYPR

Jquery T Countdown Widget

by WordPress

CVEs (3)

  • CVE-2024-37247MedJun 26, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through 2.3.25.

  • CVE-2024-4783MedMay 23, 2024
    risk 0.42cvss 6.4epss 0.00

    The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2023-0171MedFeb 6, 2023
    risk 0.35cvss 5.4epss 0.01

    The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored…