Local File Inclusion Vulnerability in Countdown Plugin for WordPress
CVE-2025-2270

8.1 HIGH

What is CVE-2025-2270?

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress contains a Local File Inclusion vulnerability due to improper handling in the createCdObj function. This flaw allows unauthenticated attackers to include and execute arbitrary files on the server, potentially leading to unauthorized access and execution of malicious PHP code. Exploitation of this vulnerability can facilitate bypassing access controls and may expose sensitive data.

Affected Version(s)

Countdown, Coming Soon, Maintenance – Countdown & Clock: all versions <= 2.8.9.1

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Michael Mazzolini