Title: Security issues
Last modified: December 9, 2022

---

# Security issues

 *  Resolved [lmverberne](https://wordpress.org/support/users/lmverberne/)
 * (@lmverberne)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/security-issues-51/)
 * Hi,
 * Jetpack protect is reporting two issues with Countdown:
 * – The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed ([https://wpscan.com/vulnerability/e18e69f7-3d28-4160-ab8e-c5064d894da0?site=www.moederheil.nl](https://wpscan.com/vulnerability/e18e69f7-3d28-4160-ab8e-c5064d894da0?site=www.moederheil.nl)::wp)
 * – The plugin does not properly lock its Pro features which could allow high privilege users such as admin to bypass the restriction and use them ([https://wpscan.com/vulnerability/60eb1d98-8bf9-495c-bac8-fe46cd9f97df?site=www.moederheil.nl](https://wpscan.com/vulnerability/60eb1d98-8bf9-495c-bac8-fe46cd9f97df?site=www.moederheil.nl)::wp)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Plugin Author [adamskaat](https://wordpress.org/support/users/adamskaat/)
 * (@adamskaat)
 * [3 years, 4 months ago](https://wordpress.org/support/topic/security-issues-51/#post-16281188)
 * Dear [@lmverberne](https://wordpress.org/support/users/lmverberne/),
 * Thank you for contacting us.
    Could you please give more details, such as the file and lines
   where you found the issue? You have mentioned <= 2.3.2 but our plugin’s latest
   version is 2.4.7
 * Do those issues exist in our latest version?
 *  Thread Starter [lmverberne](https://wordpress.org/support/users/lmverberne/)
 * (@lmverberne)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/security-issues-51/#post-16301607)
 * My WordPress.org website is fully up to date. Countdown version 2.4.8. I have
   Jetpack Protect running to monitor any vulnerabilities. I know there’s a difference
   between the countdown version 2.4.8. and the title of the messages, but this
   is the only information I got. With regards to Countdown it shows two issues:
 * – **Countdown & Clock <= 2.3.2 – Admin+ Stored Cross-Site Scripting**. The plugin
   does not sanitise and escape some of its settings, which could allow high privilege
   users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html
   capability is disallowed. [See more technical details of this threat](https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=www.moederheil.nl%3A%3Awp&path=e18e69f7-3d28-4160-ab8e-c5064d894da0)
 * – **Countdown & Clock <= 2.3.2 – Pro Features Lock Bypass**. The plugin does not properly
   lock its Pro features which could allow high privilege users such as admin to
   bypass the restriction and use them. [See more technical details of this threat](https://jetpack.com/redirect/?source=jetpack-protect-vul-info&site=www.moederheil.nl%3A%3Awp&path=60eb1d98-8bf9-495c-bac8-fe46cd9f97df)
 * I hope this helps.
   Lucas
 *  Plugin Author [adamskaat](https://wordpress.org/support/users/adamskaat/)
 * (@adamskaat)
 * [3 years, 3 months ago](https://wordpress.org/support/topic/security-issues-51/#post-16304055)
 * Dear [@lmverberne](https://wordpress.org/support/users/lmverberne/),
 * I don’t know why it’s showing old version issues, but in my opinion, we currently
   don’t have an issue like that.
 * Thanks a lot. If you have any suggestions or questions, please write in a
   new thread.


 * 6 replies
 * 4 participants
 * Last reply from: [adamskaat](https://wordpress.org/support/users/adamskaat/)
 * Last activity: [3 years, 3 months ago](https://wordpress.org/support/topic/security-issues-51/#post-16304055)
 * Status: resolved