HurryTimer

CVEs (4)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-24392	HurryTimer HurryTimer	Med	0.38	5.9	Feb 19, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.
CVE-2025-53255	HurryTimer HurryTimer	Med	0.34	5.3	Jun 27, 2025	Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.
CVE-2024-8667	HurryTimer HurryTimer	Med	0.21	4.3	Oct 24, 2024	The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This…
CVE-2024-13735	HurryTimer HurryTimer		0.00	—	Feb 14, 2025	The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name.…

CVE-2026-24392MedFeb 19, 2026
HurryTimer
HurryTimer
risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Stored XSS.This issue affects HurryTimer: from n/a through <= 2.14.2.
CVE-2025-53255MedJun 27, 2025
HurryTimer
HurryTimer
risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Nabil Lemsieh HurryTimer hurrytimer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HurryTimer: from n/a through <= 2.13.1.
CVE-2024-8667MedOct 24, 2024
HurryTimer
HurryTimer
risk 0.21cvss 4.3epss 0.00
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized post publication due to a missing capability check on the activateCampaign() function in all versions up to, and including, 2.10.0. This…
CVE-2024-13735Feb 14, 2025
HurryTimer
HurryTimer
risk 0.00cvss —epss 0.00
The HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping of a campaign name.…