Vulnerabilities > Plugin > Waiting

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2022-4954 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
plugin CWE-79
4.8
4.8
2023-08-31 CVE-2023-3999 Missing Authorization vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-862
4.3
4.3
2023-08-31 CVE-2023-4000 Unspecified vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2.
network
low complexity
plugin
4.3
4.3
2023-05-18 CVE-2023-2757 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-79
5.4
5.4
2023-03-22 CVE-2023-28659 SQL Injection vulnerability in Plugin Waiting
The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action.
network
low complexity
plugin CWE-89
8.8
8.8