Stored Cross-site Scripting Vulnerability in Smart Countdown FX by Alex Polonski
CVE-2025-25117

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Smart Countdown Fx
Vendor: CVE Published:; 7 February 2025

Summary

A Stored Cross-site Scripting (XSS) vulnerability exists in the Smart Countdown FX plugin by Alex Polonski, specifically affecting versions from n/a to 1.5.5. This flaw arises from improper sanitization of input during web page generation, allowing attackers to inject malicious scripts that are stored on the server. When other users access affected pages, the scripts execute in their browsers, potentially compromising their data and accounts. It is crucial for users to update their installations and implement security measures to mitigate this risk.

Affected Version(s)

Smart Countdown FX <= 1.5.5

References

https://patchstack.com/database/wordpress/plugin/smart-co...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

muhammad yudha (Patchstack Alliance)