WordPress Plugin Vulnerabilities

Countdown & Clock <= 3.0.8 - Pro Features Lock Bypass

Description

The plugin does not properly lock its Pro features which could allow high privilege users such as admin to bypass the restriction and use them

Affects Plugins

Plugin icon
countdown-builder
No known fix

References

CVE
CVE-2022-29423
URL
https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
60eb1d98-8bf9-495c-bac8-fe46cd9f97df

Timeline

Publicly Published
2022-04-28 (about 3 years ago)
Added
2022-05-07 (about 3 years ago)
Last Updated
2026-02-10 (about 1 month ago)

Other

Published
Title
Published
2022-12-29
Title
Passster < 3.5.5.9 - Protection Bypass & Arbitrary Post Access
Published
2019-01-16
Title
Social Network Tabs - Social Media API Key Leakage
Published
2019-06-21
Title
Seo By Rank Math <= 1.0.27 - Authenticated Settings Reset
Published
2014-06-26
Title
JSON REST API 1.1 - JSONP SOP Bypass
Published
2023-06-12
Title
Protect WP Admin < 4.0 - Unauthenticated Protection Bypass