Stored Cross-Site Scripting Vulnerability in Widget Countdown by Wpdevart
CVE-2025-47443

6.5 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 7 May 2025

What is CVE-2025-47443?

The Widget Countdown plugin by Wpdevart is affected by a stored Cross-site Scripting (XSS) vulnerability caused by improper neutralization of input during web page generation. The flaw is present in versions up to and including 2.7.4 and permits attackers to inject malicious scripts. When users interact with the affected product, these scripts can be executed, potentially compromising sensitive information or user accounts. It is crucial for users to apply updates and implement security measures to protect their WordPress sites from exploitation.

Affected Version(s)

Widget Countdown <= 2.7.4

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muhammad yudha (Patchstack Alliance)