Security Vulnerability Report – XSS in WordPress Countdown & Clock | ww.wp.xz.cn

bounty31
(@bounty31)

2 months, 4 weeks ago

Hi Plugin Support Team,

I’m reporting a security issue found in the WordPress Countdown & Clock Plugin (version 3.0.8 and below). It appears to be vulnerable to Cross‑Site Scripting (XSS).

Please review this issue and advise once a fix is in place.

Thanks,
Richard

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author adamskaat
(@adamskaat)

2 months, 2 weeks ago

Hi

Thank you for connecting us.
Do you have exact information where plugin have an issue.

WFRM IT Staff
(@wfrmitstaff)

3 weeks, 4 days ago

Could you contact Patch Stack and for details about vulnerability and fix it asap?

In the opposite case we must remove it.
Regards.

James W
(@uxjw)

1 week, 4 days ago

Patchstack has 3 others identified as well:

https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities

https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability

https://patchstack.com/database/wordpress/plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

5 replies
4 participants
Last reply from: James W
Last activity: 1 week, 4 days ago
Status: not resolved