Countdown & Clock <= 3.0.8 – Admin+ Stored XSS | CVE 2022-29420

Affects Plugins

countdown-builder

No known fix

References

CVE

CVE-2022-29420

CVE

CVE-2022-29422

URL

https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

3.4 (low)

Miscellaneous

Original Researcher

Jeong Wonjun, Ex.Mi

Verified

No

WPVDB ID

e18e69f7-3d28-4160-ab8e-c5064d894da0

Timeline

Publicly Published

2022-04-28 (about 3 years ago)

Added

2022-05-07 (about 3 years ago)

Last Updated

2026-02-10 (about 2 months ago)

Other

Published

Title

Published

2023-09-13

Title

Feeds for YouTube < 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Published

2024-04-18

Title

Save as PDF < 3.2.0 - Admin+ Stored XSS

Published

2024-05-07

Title

Table Maker <= 1.9.1 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2024-03-25

Title

Dracula Dark Mode - The Revolutionary Dark Mode Plugin For WordPress < 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Published

2023-10-18

Title

YouTube Playlist Player < 4.6.8 - Contributor+ Stored XSS