Countdown Timer for Elementor < 1.3.7 – Contributor+ Stored XSS | CVE 2024-13113 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.

Proof of Concept

1. Add a new post/page and insert the "Countdown Timer"
2. Navigate to the "Countdown Expire" area and change the 
3. For the "Expire Type", select "Redirect to Link" and set the "Redirect On" to `javascript:alert(555)`
4. Configure the time/date expiration for the countdown.
5. View the page and when it reaches 0, you will see the XSS

Affects Plugins

countdown-timer-for-elementor

Fixed in 1.3.7

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

ffc31d9d-d245-4c4b-992d-394a01798117

Timeline

Publicly Published

2025-02-05 (about 10 months ago)

Added

2025-02-05 (about 10 months ago)

Last Updated

2025-02-05 (about 10 months ago)

Other

Published

Title

Published

2024-03-29

Title

WooCommerce Bookings Calendar <= 1.0.36 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-08-16

Title

Email Artillery <= 4.1 - Multiple Reflected Cross-Site Scripting

Published

2024-12-23

Title

Export Customers Data < 1.2.4 - Reflected Cross-Site Scripting

Published

2024-03-16

Title

Smart Online Order for Clover < 1.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-09-09

Title

Bug Library < 2.0.4 - Reflected Cross-Site Scripting