Cross-site Scripting Vulnerability in Widget Countdown by wpdevart
CVE-2025-24719

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Widget Countdown
Vendor: CVE Published:; 24 January 2025

What is CVE-2025-24719?

The Widget Countdown plugin developed by wpdevart is susceptible to an improper neutralization of input issue during web page generation, resulting in Stored XSS. This vulnerability can allow attackers to inject malicious scripts into web pages viewed by other users, compromising the security of affected websites. Users should be vigilant and ensure they are using updated versions of the plugin to mitigate potential risks.

Affected Version(s)

Widget Countdown <= 2.7.1

References

https://patchstack.com/database/wordpress/plugin/widget-c...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Peter Thaleikis (Patchstack Alliance)