Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by Adam Skaat

    CVE-2024-50516 (GCVE-0-2024-50516)

    Vulnerability from nvd – Published: 2024-11-19 16:32 – Updated: 2026-05-11 22:03
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Countdown & Clock countdown-builder allows Stored XSS.This issue affects Countdown & Clock: from n/a through <= 3.0.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    adamskaat Countdown & Clock Affected: 0 , ≤ 3.0.8 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:31
    Credits
    Hwang Se-yeon | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T21:03:46.202060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T22:03:49.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "countdown-builder",
              "product": "Countdown \u0026 Clock",
              "vendor": "adamskaat",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hwang Se-yeon | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:31:23.281Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in adamskaat Countdown \u0026 Clock countdown-builder allows Stored XSS.\u003cp\u003eThis issue affects Countdown \u0026 Clock: from n/a through \u003c= 3.0.8.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in adamskaat Countdown \u0026 Clock countdown-builder allows Stored XSS.This issue affects Countdown \u0026 Clock: from n/a through \u003c= 3.0.8."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:30.819Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 3.0.8 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-50516",
        "datePublished": "2024-11-19T16:32:16.039Z",
        "dateReserved": "2024-10-24T07:27:11.266Z",
        "dateUpdated": "2026-05-11T22:03:49.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-38085 (GCVE-0-2022-38085)

    Vulnerability from nvd – Published: 2022-09-23 14:35 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Read more By Adam (WordPress plugin) Affected: <= 1.1.8 , ≤ 1.1.8 (custom)
    Create a notification for this product.
    Date Public
    2022-09-12 00:00
    Credits
    Vulnerability discovered by ptsfence (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/read-more/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:42.309832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:02:44.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Read more By Adam (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.8",
                  "status": "affected",
                  "version": "\u003c= 1.1.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin \u003c= 1.1.8 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.015Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/read-more/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Read more By Adam plugin \u003c= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-12T10:34:00.000Z",
              "ID": "CVE-2022-38085",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Read more By Adam plugin \u003c= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Read more By Adam (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 1.1.8",
                                "version_value": "1.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin \u003c= 1.1.8 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
                },
                {
                  "name": "https://wordpress.org/plugins/read-more/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/read-more/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38085",
        "datePublished": "2022-09-23T14:35:42.873Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29423 (GCVE-0-2022-29423)

    Vulnerability from nvd – Published: 2022-05-06 17:40 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability
    Summary
    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29423",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:25.285683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:10.924Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pro Features Lock Bypass vulnerability in Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.319Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Pro Features Lock Bypass vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T12:59:00.000Z",
              "ID": "CVE-2022-29423",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Pro Features Lock Bypass vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pro Features Lock Bypass vulnerability in Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29423",
        "datePublished": "2022-05-06T17:40:41.844Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29422 (GCVE-0-2022-29422)

    Vulnerability from nvd – Published: 2022-05-06 17:37 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
    Summary
    Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:29.130999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:18.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-countdown-width, \u0026ycd-progress-height, \u0026ycd-progress-width, \u0026ycd-button-margin-top, \u0026ycd-button-margin-right, \u0026ycd-button-margin-bottom, \u0026ycd-button-margin-left, \u0026ycd-circle-countdown-before-countdown, \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.267Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T11:45:00.000Z",
              "ID": "CVE-2022-29422",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-countdown-width, \u0026ycd-progress-height, \u0026ycd-progress-width, \u0026ycd-button-margin-top, \u0026ycd-button-margin-right, \u0026ycd-button-margin-bottom, \u0026ycd-button-margin-left, \u0026ycd-circle-countdown-before-countdown, \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29422",
        "datePublished": "2022-05-06T17:37:28.491Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29421 (GCVE-0-2022-29421)

    Vulnerability from nvd – Published: 2022-05-06 16:58 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
    Summary
    Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:31.940073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:25.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin on WordPress via \u0026ycd_type vulnerable parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.419Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T11:30:00.000Z",
              "ID": "CVE-2022-29421",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin on WordPress via \u0026ycd_type vulnerable parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29421",
        "datePublished": "2022-05-06T16:58:42.534Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29420 (GCVE-0-2022-29420)

    Vulnerability from nvd – Published: 2022-05-06 16:53 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: n/a , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-27 21:00
    Credits
    Jeong Wonjun - Pongchi (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-06T02:51:18.284807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-06T02:51:20.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "countdown-builder",
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeong Wonjun - Pongchi (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-04-27T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Adam Skaat Countdown \u0026 Clock (WordPress plugin) countdown-builder allows Stored XSS.\u003cp\u003eThis issue affects Countdown \u0026 Clock (WordPress plugin): from n/a through 2.3.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Adam Skaat Countdown \u0026 Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown \u0026 Clock (WordPress plugin): from n/a through 2.3.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.290Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T10:50:00.000Z",
              "ID": "CVE-2022-29420",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Jeong Wonjun aka Pongchi (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-circle-countdown-before-countdown and \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29420",
        "datePublished": "2022-05-06T16:53:30.706Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-50516 (GCVE-0-2024-50516)

    Vulnerability from cvelistv5 – Published: 2024-11-19 16:32 – Updated: 2026-05-11 22:03
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 3.0.8 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in adamskaat Countdown & Clock countdown-builder allows Stored XSS.This issue affects Countdown & Clock: from n/a through <= 3.0.8.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    adamskaat Countdown & Clock Affected: 0 , ≤ 3.0.8 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:31
    Credits
    Hwang Se-yeon | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-50516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T21:03:46.202060Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T22:03:49.992Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "countdown-builder",
              "product": "Countdown \u0026 Clock",
              "vendor": "adamskaat",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Hwang Se-yeon | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:31:23.281Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in adamskaat Countdown \u0026 Clock countdown-builder allows Stored XSS.\u003cp\u003eThis issue affects Countdown \u0026 Clock: from n/a through \u003c= 3.0.8.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in adamskaat Countdown \u0026 Clock countdown-builder allows Stored XSS.This issue affects Countdown \u0026 Clock: from n/a through \u003c= 3.0.8."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:30.819Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/countdown-builder/vulnerability/wordpress-countdown-clock-plugin-2-8-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 3.0.8 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-50516",
        "datePublished": "2024-11-19T16:32:16.039Z",
        "dateReserved": "2024-10-24T07:27:11.266Z",
        "dateUpdated": "2026-05-11T22:03:49.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-38085 (GCVE-0-2022-38085)

    Vulnerability from cvelistv5 – Published: 2022-09-23 14:35 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Read more By Adam plugin <= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin <= 1.1.8 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Read more By Adam (WordPress plugin) Affected: <= 1.1.8 , ≤ 1.1.8 (custom)
    Create a notification for this product.
    Date Public
    2022-09-12 00:00
    Credits
    Vulnerability discovered by ptsfence (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.011Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/read-more/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38085",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:42.309832Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:02:44.053Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Read more By Adam (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.8",
                  "status": "affected",
                  "version": "\u003c= 1.1.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin \u003c= 1.1.8 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.015Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/read-more/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Read more By Adam plugin \u003c= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-12T10:34:00.000Z",
              "ID": "CVE-2022-38085",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Read more By Adam plugin \u003c= 1.1.8 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Read more By Adam (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 1.1.8",
                                "version_value": "1.1.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam plugin \u003c= 1.1.8 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/read-more/wordpress-read-more-by-adam-plugin-1-1-8-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
                },
                {
                  "name": "https://wordpress.org/plugins/read-more/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/read-more/"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38085",
        "datePublished": "2022-09-23T14:35:42.873Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29423 (GCVE-0-2022-29423)

    Vulnerability from cvelistv5 – Published: 2022-05-06 17:40 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Pro Features Lock Bypass vulnerability
    Summary
    Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.330Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29423",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:25.285683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:10.924Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Pro Features Lock Bypass vulnerability in Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.319Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Pro Features Lock Bypass vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T12:59:00.000Z",
              "ID": "CVE-2022-29423",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Pro Features Lock Bypass vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Pro Features Lock Bypass vulnerability in Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-pro-features-lock-bypass-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29423",
        "datePublished": "2022-05-06T17:40:41.844Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29422 (GCVE-0-2022-29422)

    Vulnerability from cvelistv5 – Published: 2022-05-06 17:37 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
    Summary
    Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.293Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:29.130999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:18.289Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-countdown-width, \u0026ycd-progress-height, \u0026ycd-progress-width, \u0026ycd-button-margin-top, \u0026ycd-button-margin-right, \u0026ycd-button-margin-bottom, \u0026ycd-button-margin-left, \u0026ycd-circle-countdown-before-countdown, \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.267Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T11:45:00.000Z",
              "ID": "CVE-2022-29422",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-countdown-width, \u0026ycd-progress-height, \u0026ycd-progress-width, \u0026ycd-button-margin-top, \u0026ycd-button-margin-right, \u0026ycd-button-margin-bottom, \u0026ycd-button-margin-left, \u0026ycd-circle-countdown-before-countdown, \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:L",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29422",
        "datePublished": "2022-05-06T17:37:28.491Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29421 (GCVE-0-2022-29421)

    Vulnerability from cvelistv5 – Published: 2022-05-06 16:58 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability
    Summary
    Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: <= 2.3.2 , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-28 00:00
    Credits
    Vulnerability discovered by Ex.Mi (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/countdown-builder/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29421",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:30:31.940073Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:23:25.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "\u003c= 2.3.2",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
            }
          ],
          "datePublic": "2022-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin on WordPress via \u0026ycd_type vulnerable parameter."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.419Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/countdown-builder/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T11:30:00.000Z",
              "ID": "CVE-2022-29421",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Reflected Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin on WordPress via \u0026ycd_type vulnerable parameter."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-0-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29421",
        "datePublished": "2022-05-06T16:58:42.534Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.419Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-29420 (GCVE-0-2022-29420)

    Vulnerability from cvelistv5 – Published: 2022-05-06 16:53 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Countdown & Clock plugin <= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Adam Skaat Countdown & Clock (WordPress plugin) Affected: n/a , ≤ 2.3.2 (custom)
    Create a notification for this product.
    Date Public
    2022-04-27 21:00
    Credits
    Jeong Wonjun - Pongchi (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-29420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-06T02:51:18.284807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-06T02:51:20.485Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T06:17:55.023Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "countdown-builder",
              "product": "Countdown \u0026 Clock (WordPress plugin)",
              "vendor": "Adam Skaat",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.2",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jeong Wonjun - Pongchi (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-04-27T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Adam Skaat Countdown \u0026 Clock (WordPress plugin) countdown-builder allows Stored XSS.\u003cp\u003eThis issue affects Countdown \u0026 Clock (WordPress plugin): from n/a through 2.3.2.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in Adam Skaat Countdown \u0026 Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown \u0026 Clock (WordPress plugin): from n/a through 2.3.2."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-592 Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:41.290Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-28T10:50:00.000Z",
              "ID": "CVE-2022-29420",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Countdown \u0026 Clock plugin \u003c= 2.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Countdown \u0026 Clock (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.3.2",
                                "version_value": "2.3.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Adam Skaat"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Jeong Wonjun aka Pongchi (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat\u0027s Countdown \u0026 Clock plugin \u003c= 2.3.2 at WordPress via \u0026ycd-circle-countdown-before-countdown and \u0026ycd-circle-countdown-after-countdown vulnerable parameters."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/countdown-builder/",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/countdown-builder/"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/countdown-builder/wordpress-countdown-clock-plugin-2-3-1-authenticated-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-29420",
        "datePublished": "2022-05-06T16:53:30.706Z",
        "dateReserved": "2022-04-18T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:41.290Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }