Local File Inclusion Vulnerability in Countdown Plugin for WordPress
CVE-2025-2270
8.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 4 April 2025
What is CVE-2025-2270?
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress contains a Local File Inclusion vulnerability due to improper handling in the createCdObj function. This flaw allows unauthenticated attackers to include and execute arbitrary server files, potentially leading to unauthorized access and execution of malicious PHP code. Exploitation of this vulnerability can facilitate bypassing access controls and may expose sensitive data.
Affected Version(s)
Countdown, Coming Soon, Maintenance – Countdown & Clock * <= 2.8.9.1