Uji Countdown <= 2.0.6 – Cross-Site Scripting (XSS) | CVE 2016-10900

Affects Plugins

uji-countdown

Fixed in 2.0.7

References

CVE

CVE-2016-10900

URL

https://seclists.org/bugtraq/2016/Aug/24

URL

https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_uji_countdown_wordpress_plugin.html

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

22f959cd-9c8e-481f-9cfa-8563c7fbe96d

Timeline

Publicly Published

2016-08-02 (about 9 years ago)

Added

2016-08-03 (about 9 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-05-19

Title

EAN for WooCommerce < 5.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-08

Title

SEMA API < 5.30 - Reflected Cross-Site Scripting via catid Parameter

Published

2017-02-03

Title

WP Super Cache < 1.4.9 - Cross-Site Scripting (XSS)

Published

2025-09-05

Title

Optio Dentistry < 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-27

Title

FooGallery < 2.4.30 - Reflected Cross-Site Scripting