Vulnerabilities > Plugin > Waiting

DATE CVE VULNERABILITY TITLE RISK
2023-10-20 CVE-2022-4954 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping.
network
low complexity
plugin CWE-79
4.8
2023-08-31 CVE-2023-3999 Missing Authorization vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-862
4.3
2023-08-31 CVE-2023-4000 Unspecified vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2.
network
low complexity
plugin
4.3
2023-05-18 CVE-2023-2757 Cross-site Scripting vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-79
5.4