Beta

Report

Countdown & Clock <= 2.3.2 is vulnerable to Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated
Published
2022-04-27

Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.

CVE

https://www.cve.org/CVERecord?id=CVE-2022-29421

CVSS

Score:4.7

Severity:Medium

Version: 2.3.2

There is a patch available in v2.3.3 and we strongly recommend you update to this version as soon as possible.