13 Layers
SHARE

The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin is vulnerable to Cross-Site Request Forgery via the save_theme function found in the ~/includes/admin/coundown_theme_page.php file due to a missing nonce bank check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.7. (CVSS:0.0) (Last Update:2021-09-28)

13 Layers Managed Security Services